PT-2013-1089 · Gentoo Linux+2 · Libmodplug+2

Florian · Published 2013-09-13 · Updated 2018-05-28 · CVE-2013-4233

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libmodplug versions prior to 0.8.8.5
Description: The issue affects the libmodplug package in Gentoo Linux and Debian GNU/Linux operating systems. It involves multiple vulnerabilities that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in the `abc_set_parts` function in `load_abc.cpp` can cause a denial of service and possibly allow the execution of arbitrary code via a crafted P header in an ABC file, triggering a heap-based buffer overflow.
Recommendations: For versions prior to 0.8.8.5, update to version 0.8.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `abc_set_parts` function in `load_abc.cpp` to minimize the risk of exploitation. Avoid opening ABC files that may carry crafted P headers until the issue is resolved.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2128
BDU:2015-03019
BDU:2015-09742
CVE-2013-4233
DSA-2751-1
MGASA-2013-0271
OPENSUSE-SU-2024:10514-1
SUSE-SU-2018:1441-1
SUSE-SU-2018_1441-1

Affected Products

Alt Linux
Suse
Libmodplug