Vulnerabilities > CVE-2006-3879 - Numeric Errors vulnerability in Miod Vallat Mikmod
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | libmikmod <= 3.2.2 (GT2 loader) Local Heap Overflow PoC. CVE-2006-3879. Dos exploits for multiple platform |
| id | EDB-ID:2073 |
| last seen | 2016-01-31 |
| modified | 2006-07-25 |
| published | 2006-07-25 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/2073/ |
| title | libmikmod <= 3.2.2 GT2 loader Local Heap Overflow PoC |
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-16 |
| organization | Red Hat |
| statement | This issue does not affect versions of Mikmod 3.2.0-beta2 or prior. Versions of Mikmod distributed with Red Hat Enterprise Linux 2.1, 3, and 4 are based on version 3.1.11 and are therefore not vulnerable to this issue. |
References
- http://aluigi.altervista.org/adv/lmmgt2ho-adv.txt
- http://aluigi.org/poc/lmmgt2ho.zip
- http://secunia.com/advisories/21196
- http://securityreason.com/securityalert/1288
- http://www.securityfocus.com/archive/1/441006/100/0/threaded
- http://www.securityfocus.com/bid/19134
- http://www.vupen.com/english/advisories/2006/2967