Mandriva Linux Security Advisory : libmodplug (MDVSA-2013:232)
Medium Nessus Plugin ID 69890
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in libmodplug :
An integer overflow within the abc_set_parts() function (src/load_abc.cpp) can be exploited to corrupt heap memory via a specially crafted ABC file (CVE-2013-4233).
An error within the abc_MIDI_drum() and abc_MIDI_gchord() functions (src/load_abc.cpp) can be exploited to cause a buffer overflow via a specially crafted ABC file (CVE-2013-4234).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected lib64modplug-devel and / or lib64modplug1 packages.