### [CVE-2006-4192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

### POC

#### Reference
- http://aluigi.altervista.org/adv/mptho-adv.txt
- http://securityreason.com/securityalert/1397
- https://bugzilla.redhat.com/show_bug.cgi?id=497154

#### Github
No PoCs found on GitHub currently.