
Cheese Tracker: Buffer Overflow


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200610-13 / cheesetracker
Release Date: October 26, 2006
Latest Revision: October 26, 2006: 01
Impact: normal
Exploitable: remote

Package                    Vulnerable versions  Unaffected versions  Architecture(s)
media-sound/cheesetracker  < 0.9.9-r1           >= 0.9.9-r1          All supported architectures

Related bugreports: #142391


Cheese Tracker contains a buffer overflow allowing the remote execution of arbitrary code.

2.  Impact Information


Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats.


Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp.


An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with a large amount of extra data.
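The advisory does not reproduce the loader code. As an added illustration (not Cheese Tracker's source or its fix), this C sketch shows the bounds checks a loader needs when a size field read from the file decides how much trailing "extra data" is copied into a fixed buffer. The function name, EXTRA_CAP, known_len and the assumption that the size field counts from the start of the header are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed for illustration: capacity of the loader's scratch buffer. */
#define EXTRA_CAP 64u

/* Read a 32-bit little-endian value without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Copy the bytes that follow the fields the loader understands
 * ("extra data") out of an instrument header located at file[off].
 * header_size comes from the file and is untrusted; it is assumed to
 * count from the start of the header. known_len is the number of
 * header bytes the loader parses itself (caller-supplied).
 * Returns the number of extra bytes copied, or -1 if the header is
 * malformed or the extra data would not fit in out[EXTRA_CAP].
 */
long read_instrument_extra(const uint8_t *file, size_t file_len, size_t off,
                           uint32_t known_len, uint8_t out[EXTRA_CAP])
{
    if (off > file_len || file_len - off < 4)
        return -1;                  /* size field itself is truncated */
    uint32_t header_size = rd_le32(file + off);

    if (known_len < 4 || header_size < known_len)
        return -1;                  /* subtraction below would wrap around */
    if (header_size > file_len - off)
        return -1;                  /* header claims more than the file holds */

    uint32_t extra = header_size - known_len;
    if (extra > EXTRA_CAP)
        return -1;                  /* reject instead of overrunning out[] */

    memcpy(out, file + off + known_len, extra);
    return (long)extra;
}
```

Rejecting the file on any failed check keeps the loader from both writing past the buffer and reading past the end of the input.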

3.  Resolution Information


There is no known workaround at this time.


All Cheese Tracker users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/cheesetracker-0.9.9-r1"

4.  References


Page updated October 26, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team

Copyright 2001-2015 Gentoo Foundation, Inc.