ID CVE-2011-2911
Summary Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 13-02-2023 - 04:32)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2011:1264
rpms
  • gstreamer-plugins-0:0.8.5-1.EL.4
  • gstreamer-plugins-debuginfo-0:0.8.5-1.EL.4
  • gstreamer-plugins-devel-0:0.8.5-1.EL.4
refmap via4
bid 48979
confirm
debian DSA-2415
fedora
  • FEDORA-2011-10503
  • FEDORA-2011-12370
gentoo
  • GLSA-201203-14
  • GLSA-201203-16
mlist
  • [oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
  • [oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
osvdb 74208
secunia
  • 45131
  • 45658
  • 45742
  • 45901
  • 46032
  • 46043
  • 46793
  • 48058
  • 48434
  • 48439
suse openSUSE-SU-2011:0943
ubuntu USN-1255-1
xf libmodplug-wav-bo(68983)
Last major update 13-02-2023 - 04:32
Published 07-06-2012 - 19:55
Last modified 13-02-2023 - 04:32