Buffer overflow in Konstanty_bialkowski Libmodplug

CVE-2011-1761

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod…

Vulnerability class: Buffer Overflow

EPSS: 0.170 (95.1th percentile) — read the EPSS interpretation.

Affected products

Konstanty_bialkowski Libmodplug — versions 0.8, 0.8.4, 0.8.5
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

DSA-2415 (vendor-advisory, x_refsource_DEBIAN)
44870 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
72157 (x_refsource_OSVDB, vdb-entry)
USN-1148-1 (x_refsource_UBUNTU, vendor-advisory)
44695 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
48058 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
17222 (exploit, x_refsource_EXPLOIT-DB)
45742 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
openSUSE-SU-2011:0943 (vendor-advisory, x_refsource_SUSE)
[oss-security] 20120502 Re: CVE request: libmodplugin stack-buffer overflow (mailing-list, x_refsource_MLIST)