CVE-2006-3582 Information

Description

Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF (2) MTK (3) DMO and (4) U6M files.

Reference

http://adplug.cvs.sourceforge.net/adplug/adplug/src/cff.cpp?r1=1.16&r2=1.17 http://aluigi.altervista.org/adv/adplugbof-adv.txt http://secunia.com/advisories/20972 http://secunia.com/advisories/21238 http://secunia.com/advisories/21295 http://secunia.com/advisories/21869 http://security.gentoo.org/glsa/glsa-200607-13.xml http://security.gentoo.org/glsa/glsa-200609-06.xml http://www.osvdb.org/27042 http://www.osvdb.org/27043 http://www.osvdb.org/27044 http://www.osvdb.org/27047 http://www.securityfocus.com/archive/1/439432/100/100/threaded http://www.securityfocus.com/bid/18859 http://www.vupen.com/english/advisories/2006/2697 https://exchange.xforce.ibmcloud.com/vulnerabilities/27670 https://exchange.xforce.ibmcloud.com/vulnerabilities/27677