Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6720

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6720
Last Modified 02 Sep 2009 01:06:30
Published 20 Jan 2009 11:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6720

Summary

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.

Vulnerable Systems

Application

  • Igno Saitz Libmikmod 3.1.10-1

  • Igno Saitz Libmikmod 3.1.10-2

  • Igno Saitz Libmikmod 3.1.10-3

  • Igno Saitz Libmikmod 3.1.10-4

  • Igno Saitz Libmikmod 3.1.10-5

  • Igno Saitz Libmikmod 3.1.11-1

  • Igno Saitz Libmikmod 3.1.11-2

  • Igno Saitz Libmikmod 3.1.11-3

  • Igno Saitz Libmikmod 3.1.11-4

  • Igno Saitz Libmikmod 3.1.11-5

  • Igno Saitz Libmikmod 3.1.11-6

  • Igno Saitz Libmikmod 3.1.12

  • Igno Saitz Libmikmod 3.1.9-1

  • Igno Saitz Libmikmod 3.1.9-2

  • Igno Saitz Libmikmod 3.1.9-3

  • Igno Saitz Libmikmod 3.1.9-4

  • Igno Saitz Libmikmod 3.1.9-5

  • Igno Saitz Libmikmod 3.1.9-6

  • Igno Saitz Libmikmod 3.2.0


References

FEDORA - FEDORA-2009-9112

FEDORA - FEDORA-2009-9095

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=479829

BID - 33235

SECUNIA - 34259

MLIST - [oss-security] 20090113 CVE Request -- libmikmod

SUSE - SUSE-SR:2009:006

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422021

Related Patches

Novell SUSE 2009:6034 libmikmod security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:46:36