cbcvebase.

Konstanty Bialkowski Libmodplug vulnerabilities

12 known vulnerabilities affecting konstanty_bialkowski/libmodplug.

Total CVEs
12
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM11

Vulnerabilities

Page 1 of 1
CVE-2009-1438P2HIGHCVSS 7.5Exploited≤ 0.8.5v0.8+1 more2009-04-27
CVE-2009-1438 [HIGH] CWE-189 CVE-2009-1438: Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild
nvdosv
CVE-2011-1574P3MEDIUMCVSS 6.8PoC≤ 0.8.8.1v0.8+5 more2011-05-09
CVE-2011-1574 [MEDIUM] CWE-119 CVE-2011-1574: Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allow Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
nvdosv
CVE-2011-1761P3MEDIUMCVSS 6.8PoC≤ 0.8.8.2v0.8+6 more2012-06-07
CVE-2011-1761 [MEDIUM] CWE-119 CVE-2011-1761: Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in s Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.
nvdosv
CVE-2006-4192P3MEDIUMCVSS 5.1PoC≥ 0, < 1:0.7-5.22006-08-17
CVE-2006-4192 [MEDIUM] CVE-2006-4192: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1 Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundl
osv
CVE-2013-4234P3MEDIUMCVSS 6.8≤ 0.8.8.4v0.8+8 more2013-09-16
CVE-2013-4234 [MEDIUM] CWE-119 CVE-2013-4234: Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in l Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
nvdosv
CVE-2011-2911P3MEDIUMCVSS 6.8≤ 0.8.8.3v0.8+7 more2012-06-07
CVE-2011-2911 [MEDIUM] CWE-189 CVE-2011-2911: Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8. Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.
nvdosv
CVE-2011-2914P3MEDIUMCVSS 6.8≤ 0.8.8.3v0.8+7 more2012-06-07
CVE-2011-2914 [MEDIUM] CWE-189 CVE-2011-2914: Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8. Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
nvdosv
CVE-2011-2913P3MEDIUMCVSS 6.8≤ 0.8.8.3v0.8+7 more2012-06-07
CVE-2011-2913 [MEDIUM] CWE-189 CVE-2011-2913: Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8. Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.
nvdosv
CVE-2011-2912P3MEDIUMCVSS 6.8≤ 0.8.8.3v0.8+7 more2012-06-07
CVE-2011-2912 [MEDIUM] CWE-119 CVE-2011-2912: Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug be Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.
nvdosv
CVE-2013-4233P3MEDIUMCVSS 6.8≤ 0.8.8.4v0.8+8 more2013-09-16
CVE-2013-4233 [MEDIUM] CWE-189 CVE-2013-4233: Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier all Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
nvdosv
CVE-2011-2915P3MEDIUMCVSS 6.8≤ 0.8.8.3v0.8+7 more2012-06-07
CVE-2011-2915 [MEDIUM] CWE-189 CVE-2011-2915: Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8 Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.
nvdosv
CVE-2009-1513P4MEDIUMCVSS 6.8≤ 0.8.6v0.8+2 more2009-05-04
CVE-2009-1513 [MEDIUM] CWE-119 CVE-2009-1513: Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-a Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
nvdosv
Konstanty Bialkowski Libmodplug vulnerabilities | cvebase