This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple security vulnerabilities has been identified and fixed in
Integer overflow in the CSoundFile::ReadMed function
(src/load_med.cpp) in libmodplug before 0.8.6, as used in
gstreamer-plugins and other products, allows context-dependent
attackers to execute arbitrary code via a MED file with a crafted (1)
song comment or (2) song name, which triggers a heap-based buffer
Buffer overflow in the PATinst function in src/load_pat.cpp in
libmodplug before 0.8.7 allows user-assisted remote attackers to cause
a denial of service and possibly execute arbitrary code via a long
instrument name (CVE-2009-1513).
The updated packages have been patched to prevent this.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true