What is the severity of REDHAT-BUG-614643?

The severity of REDHAT-BUG-614643 is high as it involves multiple heap-based buffer overflow vulnerabilities that could allow for remote code execution.

How do I fix REDHAT-BUG-614643?

To fix REDHAT-BUG-614643, update libmikmod and any affected applications like Winamp to the latest patched versions.

What applications are affected by REDHAT-BUG-614643?

Applications affected by REDHAT-BUG-614643 include libmikmod and Winamp versions up to 5.57.

Can an attacker exploit REDHAT-BUG-614643 remotely?

Yes, an attacker can exploit REDHAT-BUG-614643 remotely by persuading a local user to open crafted audio files.

What types of files are involved in the exploitation of REDHAT-BUG-614643?

The exploitation of REDHAT-BUG-614643 involves opening crafted Impulse Tracker samples or Ultratracker files.

Vulnerability/
REDHAT-BUG-614643

medium

CWE

119

14/7/2010

29/9/2019

REDHAT-BUG-614643: Buffer Overflow

First published: Wed Jul 14 2010(Updated: )

Multiple heap-based buffer overflow vulnerabilities were found in libmikmod. These flaws could allow a remote attacker able to coerce a local user using an application linked against libmikmod, to open an Impulse Tracker, crafted samples, or an Ultratracker file, to execute arbitrary code with the privileges of the user running the application. CVE-2009-3995: Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. CVE-2009-3996: Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. References: <a href="http://www.vupen.com/english/advisories/2009/3575">http://www.vupen.com/english/advisories/2009/3575</a> <a href="http://secunia.com/secunia_research/2009-55/">http://secunia.com/secunia_research/2009-55/</a>

Affected Software	Affected Version	How to fix
libmikmod
NullSoft Winamp	<5.57

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-614643?
The severity of REDHAT-BUG-614643 is high as it involves multiple heap-based buffer overflow vulnerabilities that could allow for remote code execution.
How do I fix REDHAT-BUG-614643?
To fix REDHAT-BUG-614643, update libmikmod and any affected applications like Winamp to the latest patched versions.
What applications are affected by REDHAT-BUG-614643?
Applications affected by REDHAT-BUG-614643 include libmikmod and Winamp versions up to 5.57.
Can an attacker exploit REDHAT-BUG-614643 remotely?
Yes, an attacker can exploit REDHAT-BUG-614643 remotely by persuading a local user to open crafted audio files.
What types of files are involved in the exploitation of REDHAT-BUG-614643?
The exploitation of REDHAT-BUG-614643 involves opening crafted Impulse Tracker samples or Ultratracker files.

agent/type
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2009-3995
agent/first-publish-date
agent/source
agent/weakness
agent/severity
agent/references
agent/description
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/libmikmod
canonical/libmikmod
vendor/winamp
canonical/nullsoft winamp