CVE-2009-3995
libmikmod - arbitrary code execution
EPSS 12.2%
Description
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
How to fix CVE-2009-3995
To remediate CVE-2009-3995, upgrade the affected package to a fixed version below.
- Debian/libmikmod—upgrade to 3.1.11-6.2 or later
- Debian/libmikmod—upgrade to 3.1.11-6+lenny1 or later
- —upgrade to 3.1.11-6.0.1+lenny1 or later
Is CVE-2009-3995 being exploited?
Moderate — EPSS is 12.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 3.1.11-6.2
- from 0, < 3.1.11-6+lenny1
- from 0, < 3.1.11-6.0.1+lenny1