// For flags

CVE-2011-2911

libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.

Desbordamiento de entero en la función CSoundFile::ReadWav en src/load_wav.cpp en libmodplug antes de v0.8.8.4 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código de su elección a través de un archivo WAV diseñado, lo que provoca un desbordamiento de búfer basado en memoria dinámica.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-07-27 CVE Reserved
  • 2012-06-07 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
References (28)
URL Tag Source
http://jira.atheme.org/browse/AUDPLUG-394 X_refsource_confirm
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=2d4c56de314ab13e4437bd8b609f0b751066eee8 X_refsource_confirm
http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2011/08/10/4 Mailing List
http://www.openwall.com/lists/oss-security/2011/08/12/4 Mailing List
http://www.osvdb.org/74208 Vdb Entry
http://www.securityfocus.com/bid/48979 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/68983 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2011-1264.html 2023-02-13
http://secunia.com/advisories/45131 2023-02-13
http://secunia.com/advisories/45658 2023-02-13
http://secunia.com/advisories/45742 2023-02-13
http://secunia.com/advisories/45901 2023-02-13
http://secunia.com/advisories/46032 2023-02-13
http://secunia.com/advisories/46043 2023-02-13
http://secunia.com/advisories/46793 2023-02-13
http://secunia.com/advisories/48058 2023-02-13
http://secunia.com/advisories/48434 2023-02-13
http://secunia.com/advisories/48439 2023-02-13
http://ubuntu.com/usn/usn-1255-1 2023-02-13
http://www.debian.org/security/2012/dsa-2415 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201203-14.xml 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml 2023-02-13
https://access.redhat.com/security/cve/CVE-2011-2911 2011-09-06
https://bugzilla.redhat.com/show_bug.cgi?id=728371 2011-09-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 <= 0.8.8.3
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version " <= 0.8.8.3"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.4
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.4"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.5
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.5"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.6
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.6"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.7
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.7"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8.1
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8.1"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8.2
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8.2"
-
Affected