CVE-2006-4192
Last modified
CVE-2006-4192 is a vulnerability of currently unknown severity. Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.. EPSS estimates a 8.33% chance of exploitation in the next 30 days.
Description
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Modplug | Tracker | <= 1.17.02.43 |
References
- http://secunia.com/advisories/21418Vendor Advisory
- http://secunia.com/advisories/21418Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4192?
How severe is CVE-2006-4192?
How do I fix CVE-2006-4192?
Are you affected by CVE-2006-4192?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST