CVE-2006-4192 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-4192 Interim 1 4 2023-12-09T02:17:34Z current 2021-05-30T12:36:32Z 2023-12-09T02:17:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-4192 Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XXDYUKF4GZXEMMP65JJW6ANQTD6L36H2/#XXDYUKF4GZXEMMP65JJW6ANQTD6L36H2 E-Mail link for SUSE-SR:2006:023 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. CVE-2006-4192 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P