// For flags

CVE-2011-2912

libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.

Un desbordamiento de búfer basado en pila en la función CSoundFile::ReadS3M en src/load_s3m.cpp en libmodplug antes de v0.8.8.4 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código de su elección a través de un archivo S3M diseñado con un desplazamiento (offset) inválido.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-07-27 CVE Reserved
  • 2012-06-07 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (28)
URL Tag Source
http://jira.atheme.org/browse/AUDPLUG-394 X_refsource_confirm
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=f4e5295658fff000379caa122e75c9200205fe20 X_refsource_confirm
http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2011/08/10/4 Mailing List
http://www.openwall.com/lists/oss-security/2011/08/12/4 Mailing List
http://www.osvdb.org/74209 Vdb Entry
http://www.securityfocus.com/bid/48979 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/68984 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2011-1264.html 2023-02-13
http://secunia.com/advisories/45131 2023-02-13
http://secunia.com/advisories/45658 2023-02-13
http://secunia.com/advisories/45742 2023-02-13
http://secunia.com/advisories/45901 2023-02-13
http://secunia.com/advisories/46032 2023-02-13
http://secunia.com/advisories/46043 2023-02-13
http://secunia.com/advisories/46793 2023-02-13
http://secunia.com/advisories/48058 2023-02-13
http://secunia.com/advisories/48434 2023-02-13
http://secunia.com/advisories/48439 2023-02-13
http://ubuntu.com/usn/usn-1255-1 2023-02-13
http://www.debian.org/security/2012/dsa-2415 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201203-14.xml 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml 2023-02-13
https://access.redhat.com/security/cve/CVE-2011-2912 2011-09-06
https://bugzilla.redhat.com/show_bug.cgi?id=728371 2011-09-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 <= 0.8.8.3
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version " <= 0.8.8.3"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.4
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.4"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.5
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.5"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.6
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.6"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.7
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.7"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8.1
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8.1"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8.2
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8.2"
-
Affected