CVE-2011-2913

Severity

68%

Complexity

86%

Confidentiality

106%

Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.

Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Konstanty Bialkowski libmodplug

First reported 12 years ago

2012-06-07 19:55:00

Last updated 7 years ago

2017-08-29 01:29:00

Affected Software

Konstanty Bialkowski libmodplug 0.8

0.8

Konstanty Bialkowski libmodplug 0.8.4

0.8.4

Konstanty Bialkowski libmodplug 0.8.5

0.8.5

Konstanty Bialkowski libmodplug 0.8.6

0.8.6

Konstanty Bialkowski libmodplug 0.8.7

0.8.7

Konstanty Bialkowski libmodplug 0.8.8

0.8.8

Konstanty Bialkowski libmodplug 0.8.8.1

0.8.8.1

Konstanty Bialkowski libmodplug 0.8.8.2

0.8.8.2

References

http://jira.atheme.org/browse/AUDPLUG-394

FEDORA-2011-10503

FEDORA-2011-12370

openSUSE-SU-2011:0943

http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=26243ab9fe1171f70053e9aec4b20e9f7de9e4ef

RHSA-2011:1264

45131

Vendor Advisory

45658

Vendor Advisory

45742

Vendor Advisory

45901

Vendor Advisory

46032

Vendor Advisory

46043

Vendor Advisory

46793

Vendor Advisory

48058

Vendor Advisory

48434

Vendor Advisory

48439

Vendor Advisory

http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/

USN-1255-1

DSA-2415

GLSA-201203-14

GLSA-201203-16

[oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

[oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

74210

48979

libmodplug-ams-code-execution(68985)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.