CVE-2009-0179
Description
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21cpe:2.3:a:igno_saitz:libmikmod:3.1.10-1:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:igno_saitz:libmikmod:3.1.10-1:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.10-2:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.10-3:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.10-4:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.10-5:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.11-1:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.11-2:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.11-3:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.11-4:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.11-5:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.11-6:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.9-1:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.9-2:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.9-3:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.9-4:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.9-5:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.1.9-6:*:*:*:*:*:*:*
- cpe:2.3:a:igno_saitz:libmikmod:3.2.0:*:*:*:*:*:*:*
- (no CPE)range: 3.1.11 - 3.2.0
Patches
Vulnerability mechanics
Root cause
"Missing return-value check after LoadInstruments() failure in mloader.c leaves the player state inconsistent, causing a crash when accessing unallocated sample data."
Attack vector
An attacker provides a crafted XM file that libmikmod misidentifies as invalid. The loader in `load_xm.c` fails on this file, but `mloader.c` does not verify the return value of `LoadInstruments()`, so `of.numsmp` remains non-zero while the `samples[]` array is not allocated. This inconsistency causes a crash when the player attempts to access the uninitialized sample data. The attack is user-assisted — the victim must open the malicious XM file.
Affected code
The crash occurs in `loaders/load_xm.c` and `playercode/mloader.c`. The XM loader in `load_xm.c` fails to handle certain valid XM files, and `mloader.c` does not check the return value of `LoadInstruments()`, leaving the `of` structure in an inconsistent state where `of.numsmp` is non-zero but the `samples[]` array has not been properly allocated.
What the fix does
The patch modifies `loaders/load_xm.c` to correctly handle the XM file that was previously misidentified as invalid, and adds a return-value check in `playercode/mloader.c` so that a failure in `LoadInstruments()` properly cleans up the `of` structure. This prevents the inconsistent state where `of.numsmp` is non-zero but `samples[]` is unallocated, eliminating the crash.
Preconditions
- inputThe victim must open a crafted XM file with libmikmod or an application using it.
- authNo authentication or special network access is required; the attack is user-assisted.
Generated on Jun 21, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- bugs.debian.org/cgi-bin/bugreport.cginvd
- lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.htmlnvd
- openwall.com/lists/oss-security/2009/01/13/2nvd
- secunia.com/advisories/34259nvd
- www.securityfocus.com/bid/33240nvd
- bugzilla.redhat.com/show_bug.cginvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.htmlnvd
News mentions
0No linked articles in our index yet.