CVE-2013-4233

EUVD-2013-4137
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
konstanty_bialkowskilibmodplug
𝑥
≤ 0.8.8.4
konstanty_bialkowskilibmodplug
0.8
konstanty_bialkowskilibmodplug
0.8.4
konstanty_bialkowskilibmodplug
0.8.5
konstanty_bialkowskilibmodplug
0.8.6
konstanty_bialkowskilibmodplug
0.8.7
konstanty_bialkowskilibmodplug
0.8.8
konstanty_bialkowskilibmodplug
0.8.8.1
konstanty_bialkowskilibmodplug
0.8.8.2
konstanty_bialkowskilibmodplug
0.8.8.3
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libmodplug
bookworm
1:0.8.9.0-3
fixed
bullseye
1:0.8.9.0-3
fixed
sid
1:0.8.9.0-3
fixed
trixie
1:0.8.9.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gst-plugins-bad0.10
artful
dne
bionic
dne
lucid
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
not-affected
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
dne
yakkety
dne
zesty
dne
libmodplug
artful
ignored
bionic
not-affected
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
not-affected
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/
http://secunia.com/advisories/54388
http://secunia.com/advisories/54695
http://www.debian.org/security/2013/dsa-2751
http://www.openwall.com/lists/oss-security/2013/08/10/3
http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/
http://secunia.com/advisories/54388
http://secunia.com/advisories/54695
http://www.debian.org/security/2013/dsa-2751
http://www.openwall.com/lists/oss-security/2013/08/10/3