blob: a7ef860294352267005095af7239cd691f102b48 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200609-06">
<title>AdPlug: Multiple vulnerabilities</title>
Multiple heap and buffer overflows exist in AdPlug.
<product type="ebuild">adplug</product>
<announced>September 12, 2006</announced>
<revised>September 12, 2006: 01</revised>
<package name="media-libs/adplug" auto="yes" arch="*">
<unaffected range="ge">2.0.1</unaffected>
<vulnerable range="lt">2.0.1</vulnerable>
AdPlug is a free, cross-platform, and hardware-independent AdLib sound
player library.
AdPlug is vulnerable to buffer and heap overflows when processing the
following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.
<impact type="normal">
By enticing a user to load a specially crafted file, an attacker could
execute arbitrary code with the privileges of the user running AdPlug.
There are no known workarounds at this time.
All AdPlug users should update to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/adplug-2.0.1&quot;</code>
<uri link="">BugTraq Announcement</uri>
<uri link="">CVE-2006-3581</uri>
<uri link="">CVE-2006-3582</uri>
<metadata tag="requester" timestamp="Wed, 06 Sep 2006 14:38:47 +0000">
<metadata tag="submitter" timestamp="Wed, 06 Sep 2006 23:03:51 +0000">
<metadata tag="bugReady" timestamp="Tue, 12 Sep 2006 00:51:08 +0000">