VDB
CVE-2011-2911
CVE-2011-2911
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.
EPSS 2.14% · 84.6th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.14%
84.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| konstanty_bialkowski | libmodplug | 0.8.6, 0, 0.8 |
| n/a | n/a | n/a |
Timeline
- Jun 7, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- FEDORA-2011-12370 vendor-advisory
- [oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 mailing-list
- DSA-2415 vendor-advisory
- http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/ url
- GLSA-201203-16 vendor-advisory
- FEDORA-2011-10503 vendor-advisory
- 45131 third-party-advisory
- [oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 mailing-list
- 48058 third-party-advisory
- 46032 third-party-advisory
- 74208 vdb
- 46793 third-party-advisory
- 48439 third-party-advisory
- 45742 third-party-advisory
- USN-1255-1 vendor-advisory
- openSUSE-SU-2011:0943 vendor-advisory
- 48434 third-party-advisory
- 48979 vdb
- GLSA-201203-14 vendor-advisory
- http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=2d4c56de314ab13e4437bd8b609f0b751066eee8 url
…and 9 more