VDB
CVE-2011-2914
CVE-2011-2914
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
EPSS 2.46% · 85.5th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.46%
85.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| konstanty_bialkowski | libmodplug | 0.8.8, 0, 0.8 |
| n/a | n/a | n/a |
Timeline
- Jun 7, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
References
- http://secunia.com/advisories/45131 url
- FEDORA-2011-12370 vendor-advisory
- [oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 mailing-list
- DSA-2415 vendor-advisory
- http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/ url
- GLSA-201203-16 vendor-advisory
- 74211 vdb
- FEDORA-2011-10503 vendor-advisory
- [oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 mailing-list
- http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=26243ab9fe1171f70053e9aec4b20e9f7de9e4ef url
- 48058 third-party-advisory
- 46032 third-party-advisory
- 46793 third-party-advisory
- libmodplug-dsm-code-execution(68986) vdb
- 48439 third-party-advisory
- 45742 third-party-advisory
- USN-1255-1 vendor-advisory
- openSUSE-SU-2011:0943 vendor-advisory
- 48434 third-party-advisory
- 48979 vdb
…and 9 more