CVE-2010-2546 Information
Description
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod possibly 3.1.12 might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file related to panpts pitpts and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Reference
http://secunia.com/advisories/40799 http://secunia.com/advisories/48244 http://security.gentoo.org/glsa/glsa-201203-10.xml http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227 http://www.debian.org/security/2010/dsa-2081 http://www.mandriva.com/security/advisories?name=MDVSA-2010:151 http://www.securityfocus.com/bid/41917 http://www.vupen.com/english/advisories/2010/1957 https://bugzilla.redhat.com/show_bug.cgi?id=614643
Share on: