CVE-2010-2546
published 2010-08-05


Priority: P341 critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.72% (93.1th percentile)
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
debian | libmikmod | < libmikmod 3.1.11-6.3 (bookworm) | libmikmod 3.1.11-6.3 (bookworm)
raphael_assenat | libmikmod | |
raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3
raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3
raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3
raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3

CVSS provenance

nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
osv | | 9.3 | CRITICAL |
vendor_debian | | 9.3 | CRITICAL |
vendor_redhat | | 9.3 | CRITICAL |
vendor_ubuntu | | 4.3 | MEDIUM |