Buffer overflow in Konstanty_bialkowski Libmodplug

CVE-2011-2912

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invali…

Vulnerability class: Buffer Overflow

EPSS: 0.021 (84.6th percentile) — read the EPSS interpretation.

Affected products

Konstanty_bialkowski Libmodplug — versions 0.8, 0.8.4, 0.8.5
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

FEDORA-2011-12370 (x_refsource_FEDORA, vendor-advisory)
[oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 (mailing-list, x_refsource_MLIST)
DSA-2415 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
GLSA-201203-16 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2011-10503 (x_refsource_FEDORA, vendor-advisory)
45131 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 (mailing-list, x_refsource_MLIST)
48058 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
46032 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)