CVE-2006-3879
Description
Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:miod_vallat:mikmod:3.0.3:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:miod_vallat:mikmod:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:miod_vallat:mikmod:3.2.2:*:*:*:*:*:*:*
- Range: =3.2.2
Patches
Vulnerability mechanics
Root cause
"An integer overflow occurs when calculating memory allocation size for a comment in a GT2 module file."
Attack vector
Remote attackers can cause a denial of service by providing a GRAOUMF TRACKER (GT2) module file with a large comment length value. Specifically, a comment length of 0xffffffff causes an integer overflow when allocating memory for the comment. This leads to an attempt to read more data than allocated, overflowing the buffer [ref_id=1]. The vulnerability is in the loadChunk function within the GT2 loader of libmikmod [ref_id=1].
Affected code
The vulnerability resides in the `loadChunk` function within `loaders/load_gt2.c` in libmikmod. The code reads the `comment_len` value and then attempts to allocate memory using `MikMod_malloc(new_chunk->xcom.comment_len + 1)`. Subsequently, it reads `new_chunk->xcom.comment_len` bytes into this allocated buffer [ref_id=1].
What the fix does
The advisory states that there is no fix available for this vulnerability, and no reply was received from the developers [ref_id=1]. Therefore, the recommended remediation is to avoid using affected versions of libmikmod.
Preconditions
- inputA specially crafted GRAOUMF TRACKER (GT2) module file with a comment length of 0xffffffff.
- networkThe attacker must be able to send the malicious module file to the vulnerable application.
Reproduction
http://aluigi.org/poc/lmmgt2ho.zip
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- aluigi.altervista.org/adv/lmmgt2ho-adv.txtnvdExploitVendor Advisory
- aluigi.org/poc/lmmgt2ho.zipnvdExploit
- www.securityfocus.com/bid/19134nvdExploit
- secunia.com/advisories/21196nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2967nvdVendor Advisory
- securityreason.com/securityalert/1288nvd
- www.securityfocus.com/archive/1/441006/100/0/threadednvd
News mentions
0No linked articles in our index yet.