CVE-2011-1574
VideoLAN VLC Media Player 1.1.8 - ModPlug ReadS3M Stack Buffer Overflow
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
Desbordamiento de búfer basado en pila en Método ReadS3M en load_s3m.cpp de libmodplug con anterioridad a v0.8.8.2, permite a atacantes remotos ejecutar código de su elección a través de un fichero S3M manipulado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-04-05 CVE Reserved
- 2011-04-08 First Exploit
- 2011-05-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commit%3Bh=aecef259828a89bb00c2e6f78e89de7363b2237b | X_refsource_confirm | |
| http://secunia.com/advisories/44870 | Third Party Advisory | |
| http://secunia.com/advisories/48434 | Third Party Advisory | |
| http://securityreason.com/securityalert/8243 | Third Party Advisory | |
| http://securitytracker.com/id?1025480 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/17252 | 2011-04-08 | |
| http://openwall.com/lists/oss-security/2011/04/11/13 | 2024-08-06 | |
| http://openwall.com/lists/oss-security/2011/04/11/6 | 2024-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=695420 | 2024-08-06 | |
| https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2011/dsa-2226 | 2023-02-13 | |
| http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:085 | 2023-02-13 | |
| https://rhn.redhat.com/errata/RHSA-2011-0477.html | 2023-02-13 | |
| https://www.ubuntu.com/usn/USN-1148-1 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2011-1574 | 2011-05-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | <= 0.8.8.1 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version " <= 0.8.8.1" | - |
Affected
| ||||||
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | 0.8 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8" | - |
Affected
| ||||||
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | 0.8.4 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.4" | - |
Affected
| ||||||
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | 0.8.5 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.5" | - |
Affected
| ||||||
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | 0.8.6 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.6" | - |
Affected
| ||||||
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | 0.8.7 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.7" | - |
Affected
| ||||||
| Konstanty Bialkowski Search vendor "Konstanty Bialkowski" | Libmodplug Search vendor "Konstanty Bialkowski" for product "Libmodplug" | 0.8.8 Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8" | - |
Affected
| ||||||