// For flags

CVE-2011-2914

libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.

Error de superación de límite (off-by-one) en la función de CSoundFile::ReadDSM en src/load_dms.cpp en libmodplug antes de v0.8.8.4 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección a través de un archivo DSM diseñado con un gran número de muestras.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-07-27 CVE Reserved
  • 2012-06-07 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
References (28)
URL Tag Source
http://jira.atheme.org/browse/AUDPLUG-394 X_refsource_confirm
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=26243ab9fe1171f70053e9aec4b20e9f7de9e4ef X_refsource_confirm
http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2011/08/10/4 Mailing List
http://www.openwall.com/lists/oss-security/2011/08/12/4 Mailing List
http://www.osvdb.org/74211 Vdb Entry
http://www.securityfocus.com/bid/48979 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/68985 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2011-1264.html 2023-02-13
http://secunia.com/advisories/45131 2023-02-13
http://secunia.com/advisories/45658 2023-02-13
http://secunia.com/advisories/45742 2023-02-13
http://secunia.com/advisories/45901 2023-02-13
http://secunia.com/advisories/46032 2023-02-13
http://secunia.com/advisories/46043 2023-02-13
http://secunia.com/advisories/46793 2023-02-13
http://secunia.com/advisories/48058 2023-02-13
http://secunia.com/advisories/48434 2023-02-13
http://secunia.com/advisories/48439 2023-02-13
http://ubuntu.com/usn/usn-1255-1 2023-02-13
http://www.debian.org/security/2012/dsa-2415 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201203-14.xml 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml 2023-02-13
https://access.redhat.com/security/cve/CVE-2011-2914 2011-09-06
https://bugzilla.redhat.com/show_bug.cgi?id=728371 2011-09-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 <= 0.8.8.3
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version " <= 0.8.8.3"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.4
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.4"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.5
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.5"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.6
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.6"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.7
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.7"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8.1
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8.1"
-
Affected
Konstanty Bialkowski
Search vendor "Konstanty Bialkowski"
 Libmodplug
Search vendor "Konstanty Bialkowski" for product "Libmodplug"
 0.8.8.2
Search vendor "Konstanty Bialkowski" for product "Libmodplug" and version "0.8.8.2"
-
Affected