What is CVE-2010-10016?

CVE-2010-10016 is a vulnerability in Bs.player Free And Pro Editions, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2025-08-30.

Is CVE-2010-10016 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Bs.player Free And Pro Editions

CVE-2010-10016

BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condit…

Vulnerability class: Buffer Overflow

EPSS: 0.667 (98.6th percentile) — read the EPSS interpretation.

Affected products

Bs.player Free And Pro Editions — versions 0

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/15934 (exploit)
www.exploit-db.com/exploits/18375 (exploit)
www.bsplayer.com/ (product)
www.vulncheck.com/advisories/bs-player-buffer-overflow-via-m3u-playlist-import (third-party-advisory)

Frequently asked questions

What is CVE-2010-10016?: CVE-2010-10016 is a vulnerability in Bs.player Free And Pro Editions, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2025-08-30.
Is CVE-2010-10016 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.