Vulnerability CVE-2011-2913: Information

Description

Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2011-2913
Published: June 7, 2012
Modified: Feb. 13, 2023
Error type identifier: CWE-189

References to Advisories, Solutions, and Tools

Hyperlink
Resource
48439
  • Vendor Advisory
46043
  • Vendor Advisory
[oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
    48434
    • Vendor Advisory
    FEDORA-2011-10503
      46032
      • Vendor Advisory
      FEDORA-2011-12370
        openSUSE-SU-2011:0943
          http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/
            GLSA-201203-16
              45131
              • Vendor Advisory
              45901
              • Vendor Advisory
              74210
                [oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
                  http://jira.atheme.org/browse/AUDPLUG-394
                    48979
                      RHSA-2011:1264
                        45658
                        • Vendor Advisory
                        USN-1255-1
                          GLSA-201203-14
                            46793
                            • Vendor Advisory
                            45742
                            • Vendor Advisory
                            48058
                            • Vendor Advisory
                            DSA-2415
                              libmodplug-ams-code-execution(68985)
                                http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commitdiff%3Bh=26243ab9fe1171f70053e9aec4b20e9f7de9e4ef

                                    1. Configuration 1

                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*
                                      End including
                                      0.8.8.3
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
                                      cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*
                                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                  Version: v24.5.3
                                  Back to top