CVE-2009-1438

EPSS 2.55% · P86 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-1438

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Konstanty_Bialkowski libmodplug 'src/load_med.cpp'整数溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Libmodplug是Stephane Denis和Ivan Vecera程序员共同开发的一个用于处理mod类音乐格式的开源函数库。 Libmodplug库的src/load_med.cpp文件中的CSoundFile::ReadMed()函数在加载MED文件时存在可导致堆溢出的整数溢出漏洞，以下是load_med.cpp中的有漏洞代码段： 698 // Song Comments 699 UINT annotxt = bswapBE32(pmex->;annotxt); 700 UINT annolen

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-1438

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-1438

请登录查看更多情报信息。

http://bugs.gentoo.org/show_bug.cgi?id=266913x_refsource_CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=496834x_refsource_CONFIRM
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&amp%3Br2=1.2x_refsource_MISC
http://secunia.com/advisories/34797third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/53801vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/35736third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/30801vdb-entryx_refsource_BID
http://secunia.com/advisories/34930third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35685third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36183third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36158third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35026third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1850vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2009/dsa-1851vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/1104vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:128vendor-advisoryx_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-200907-07.xmlvendor-advisoryx_refsource_GENTOO
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00908.htmlvendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlvendor-advisoryx_refsource_SUSE
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00907.htmlvendor-advisoryx_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/50388vdb-entryx_refsource_XF
http://www.openwall.com/lists/oss-security/2009/04/21/4mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2009-1438

Same Patch Batch · n/a · 2009-04-27 · 19 CVEs total

CVE-2009-1446		Elkagroup Image Gallery 'upload.php'未限制文件上传漏洞
CVE-2009-1440		aMule 'src/DownloadListCtrl.cpp'命令注入漏洞
CVE-2009-1439		Linux Kernel 'fs/cifs/connect.c'远程溢出漏洞
CVE-2009-1437		CoolPlayer M3U文件处理栈溢出漏洞
CVE-2009-1436		FreeBSD libc Berkley DB接口未初始化内存本地信息泄露漏洞
CVE-2009-1435		Trendmicro趋势科技OfficeScan客户端拒绝服务漏洞
CVE-2009-1189		D-BUS 输入验证错误漏洞
CVE-2008-6753		SilverStripe 'AjaxUniqueTextField' 参数 SQL注入漏洞
CVE-2009-1447		e-cart 'admin/editor/image.php'未限制文件上传漏洞
CVE-2008-6755		ZoneMinder '/etc/zm.conf'权限许可和访问控制漏洞
CVE-2009-1445		WebPortal CMS 'libraries/helpdocs/help.php'目录遍历漏洞
CVE-2009-1444		WebPortal CMS 'indexk.php'PHP远程文件包含漏洞
CVE-2009-1443		OCS Inventory NG服务器组件多个未明漏洞
CVE-2008-6754		Mephisteus Personal Sticky Threads vBulletin Addon未授权访问漏洞
CVE-2009-1449		CoolPlayer皮肤文件处理缓冲区溢出漏洞
CVE-2009-1448		lovpop apricot 'apricot.php'跨站脚本攻击漏洞
CVE-2009-1190		Sun Java Development Kit 'java.util.regex.Pattern.compile'算法复杂性漏洞
CVE-2008-6756		Zoneminder Gentoo Linux '/etc/zm.conf'权限许可和访问控制漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-1438

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2009-1438

I. Basic Information for CVE-2009-1438

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-1438

III. Intelligence Information for CVE-2009-1438

Same Patch Batch · n/a · 2009-04-27 · 19 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2009-1438

Leave a comment