VIR Vulnerability Intelligence Relay

CVE-2013-4233

medium
Published 2013-09-16 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4233

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/54695

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/54388

OS impact
OSVersionStatusFixed in
debian debian6.0affected
debian debian7.0affected
debian debianbookwormfixed1:0.8.8.4-4
debian debianbullseyefixed1:0.8.8.4-4
debian debianforkyfixed1:0.8.8.4-4
debian debiansidfixed1:0.8.8.4-4
debian debiantrixiefixed1:0.8.8.4-4

Application impact
VendorProductVersionsFixed
konstanty_bialkowskilibmodplug{"endIncluding":"0.8.8.4"}
konstanty_bialkowskilibmodplug0.8
konstanty_bialkowskilibmodplug0.8.4
konstanty_bialkowskilibmodplug0.8.5
konstanty_bialkowskilibmodplug0.8.6
konstanty_bialkowskilibmodplug0.8.7
konstanty_bialkowskilibmodplug0.8.8
konstanty_bialkowskilibmodplug0.8.8.1
konstanty_bialkowskilibmodplug0.8.8.2
konstanty_bialkowskilibmodplug0.8.8.3

References

CWEs

CWE-189

Verify integrity in audit chain (admin only). AS-IS.