Release date:
Updated on:
Affected Systems:
Sourceforge xmp <= 4.1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59355
Xmp is a module player used on Unix-like systems.
In versions of libxmp earlier than 4.1.0, a boundary error exists in the get_dsmp() function (src/loaders/masi_load.c) when a MASI file is parsed. By enticing a victim to open a specially crafted MASI file, a remote attacker can exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system or crash the application.
<* Source: Douglas Carmichael
Link: http://secunia.com/advisories/53114
http://xforce.iss.net/xforce/xfdb/83683
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sourceforge
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view