VYPR
Unrated severityNVD Advisory· Published Apr 27, 2009· Updated Jun 16, 2026

CVE-2009-1438

CVE-2009-1438

Description

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*range: <=0.8.5
    • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
    • (no CPE)range: <0.8.6

Patches

Vulnerability mechanics

References

24

News mentions

0

No linked articles in our index yet.