ID CVE-2007-6720
Summary libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
References
Vulnerable Configurations
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.9-1:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.9-2:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.9-3:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.9-4:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.9-5:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.9-6:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.10-1:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.10-2:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.10-3:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.10-4:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.10-5:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.11-1:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.11-2:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.11-3:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.11-4:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.11-5:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.11-6:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:igno_saitz:libmikmod:3.2.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 04-10-2016 - 01:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • mikmod-0:3.1.6-23.el3
  • mikmod-0:3.1.6-33.el4_8.1
  • mikmod-0:3.1.6-39.el5_5.1
  • mikmod-debuginfo-0:3.1.6-23.el3
  • mikmod-debuginfo-0:3.1.6-33.el4_8.1
  • mikmod-debuginfo-0:3.1.6-39.el5_5.1
  • mikmod-devel-0:3.1.6-23.el3
  • mikmod-devel-0:3.1.6-33.el4_8.1
  • mikmod-devel-0:3.1.6-39.el5_5.1
refmap via4
bid 33235
confirm
fedora
  • FEDORA-2009-9095
  • FEDORA-2009-9112
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519
mlist [oss-security] 20090113 CVE Request -- libmikmod
secunia 34259
suse SUSE-SR:2009:006
statements via4
contributor Tomas Hoger
lastmodified 2009-01-21
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6720 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 04-10-2016 - 01:59
Published 20-01-2009 - 16:30
Last modified 04-10-2016 - 01:59