CVE-2011-2914
published 2012-06-07CVE-2011-2914: Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service…
PriorityP335medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
4.58%
90.5th percentile
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmodplug | < libmodplug 1:0.8.8.4-1 (bookworm) | libmodplug 1:0.8.8.4-1 (bookworm) |
| konstanty_bialkowski | libmodplug | <= 0.8.8.3 | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-1 | 1:0.8.8.4-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-1 | 1:0.8.8.4-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-1 | 1:0.8.8.4-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-1 | 1:0.8.8.4-1 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cgc2-53vh-7rq5: Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms
ghsa_unreviewed·2022-05-17
CVE-2011-2914 [MEDIUM] GHSA-cgc2-53vh-7rq5: Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
OSV
CVE-2011-2914: Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms
osv·2012-06-07·CVSS 6.8
CVE-2011-2914 [MEDIUM] CVE-2011-2914: Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
Ubuntu
libmodplug vulnerabilities
vendor_ubuntu·2011-11-09·CVSS 6.8
CVE-2011-2911 [MEDIUM] libmodplug vulnerabilities
Title: libmodplug vulnerabilities
Summary: libmodplug could be made to crash or run programs as your login if it
opened a specially crafted file.
Hossein Lotfi discovered that libmodplug did not correctly handle certain
malformed media files. If a user or automated system were tricked into
opening a crafted media file, an attacker could cause a denial of service
or possibly execute arbitrary code with privileges of the user invoking the
program. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)
It was discovered that libmodplug did not correctly handle certain
malformed media files. If a user or automated system were tricked into
opening a crafted media file, an attacker could cause a denial of service
or possibly execute arbitrary code with privileges of the user invoking the
program. (CVE
Red Hat
libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
vendor_redhat·2011-07-15·CVSS 6.8
CVE-2011-2914 [MEDIUM] libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
Debian
CVE-2011-2914: libmodplug - Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libm...
vendor_debian·2011·CVSS 6.8
CVE-2011-2914 [MEDIUM] CVE-2011-2914: libmodplug - Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libm...
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
Scope: local
bookworm: resolved (fixed in 1:0.8.8.4-1)
bullseye: resolved (fixed in 1:0.8.8.4-1)
forky: resolved (fixed in 1:0.8.8.4-1)
sid: resolved (fixed in 1:0.8.8.4-1)
trixie: resolved (fixed in 1:0.8.8.4-1)
No detection rules found.
No public exploits indexed.
http://jira.atheme.org/browse/AUDPLUG-394http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.htmlhttp://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=26243ab9fe1171f70053e9aec4b20e9f7de9e4efhttp://rhn.redhat.com/errata/RHSA-2011-1264.htmlhttp://secunia.com/advisories/45131http://secunia.com/advisories/45658http://secunia.com/advisories/45742http://secunia.com/advisories/45901http://secunia.com/advisories/46032http://secunia.com/advisories/46043http://secunia.com/advisories/46793http://secunia.com/advisories/48058http://secunia.com/advisories/48434http://secunia.com/advisories/48439http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/http://ubuntu.com/usn/usn-1255-1http://www.debian.org/security/2012/dsa-2415http://www.gentoo.org/security/en/glsa/glsa-201203-14.xmlhttp://www.gentoo.org/security/en/glsa/glsa-201203-16.xmlhttp://www.openwall.com/lists/oss-security/2011/08/10/4http://www.openwall.com/lists/oss-security/2011/08/12/4http://www.osvdb.org/74211http://www.securityfocus.com/bid/48979https://exchange.xforce.ibmcloud.com/vulnerabilities/68985http://jira.atheme.org/browse/AUDPLUG-394http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.htmlhttp://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=26243ab9fe1171f70053e9aec4b20e9f7de9e4efhttp://rhn.redhat.com/errata/RHSA-2011-1264.htmlhttp://secunia.com/advisories/45131http://secunia.com/advisories/45658http://secunia.com/advisories/45742http://secunia.com/advisories/45901http://secunia.com/advisories/46032http://secunia.com/advisories/46043http://secunia.com/advisories/46793http://secunia.com/advisories/48058http://secunia.com/advisories/48434http://secunia.com/advisories/48439http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/http://ubuntu.com/usn/usn-1255-1http://www.debian.org/security/2012/dsa-2415http://www.gentoo.org/security/en/glsa/glsa-201203-14.xmlhttp://www.gentoo.org/security/en/glsa/glsa-201203-16.xmlhttp://www.openwall.com/lists/oss-security/2011/08/10/4http://www.openwall.com/lists/oss-security/2011/08/12/4http://www.osvdb.org/74211http://www.securityfocus.com/bid/48979https://exchange.xforce.ibmcloud.com/vulnerabilities/68985
2012-06-07
Published