CVE-2013-4233
libmodplug - several
EPSS 3.8%
Description
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
How to fix CVE-2013-4233
To remediate CVE-2013-4233, upgrade the affected package to a fixed version below.
- Debian/libmodplug—upgrade to 1:0.8.8.4-4 or later
- Debian/libmodplug—upgrade to 1:0.8.8.1-1+squeeze2+git20130828 or later
Is CVE-2013-4233 being exploited?
Low — EPSS is 3.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:0.8.8.4-4
- from 0, < 1:0.8.8.1-1+squeeze2+git20130828