CVE-2011-1574

Current Description

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.

Basic Data

Published: May 09, 2011
Last Modified: December 08, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
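    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Konstanty Bialkowski | Libmodplug | 0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Konstanty Bialkowski | Libmodplug | 0.8.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Konstanty Bialkowski | Libmodplug | 0.8.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Konstanty Bialkowski | Libmodplug | 0.8.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Konstanty Bialkowski | Libmodplug | 0.8.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Konstanty Bialkowski | Libmodplug | 0.8.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Konstanty Bialkowski | Libmodplug | * | * | * | * | * | * | * | * | | 0.8.8.1 | |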

Vulnerable Software List

Vendor | Product | Versions
Konstanty Bialkowski | Libmodplug | *, 0.8, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8

References

Name | URL | Source | Tags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091 | CONFIRM | Patch
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=aecef259828a89bb00c2e6f78e89de7363b2237b | http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=aecef2 | CONFIRM | Patch
[oss-security] 20110411 Re: CVE request for libmodplug | http://openwall.com/lists/oss-security/2011/04/11/13 | MLIST | Exploit, Patch
[oss-security] 20110411 CVE request for libmodplug | http://openwall.com/lists/oss-security/2011/04/11/6 | MLIST | Exploit, Patch
44870 | http://secunia.com/advisories/44870 | SECUNIA |
48434 | http://secunia.com/advisories/48434 | SECUNIA |
8243 | http://securityreason.com/securityalert/8243 | SREASON |
1025480 | http://securitytracker.com/id?1025480 | SECTRACK |
DSA-2226 | http://www.debian.org/security/2011/dsa-2226 | DEBIAN |
GLSA-201203-16 | http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml | GENTOO |
MDVSA-2011:085 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:085 | MANDRIVA |
https://bugzilla.redhat.com/show_bug.cgi?id=695420 | https://bugzilla.redhat.com/show_bug.cgi?id=695420 | CONFIRM | Exploit, Patch
RHSA-2011:0477 | https://rhn.redhat.com/errata/RHSA-2011-0477.html | REDHAT |
https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt | https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt | MISC | Exploit
USN-1148-1 | https://www.ubuntu.com/usn/USN-1148-1/ | UBUNTU |