Unrated severityNVD Advisory· Published Jun 7, 2012· Updated Apr 29, 2026

CVE-2011-2913

Description

Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.

Affected products

Konstanty Bialkowski/Libmodplug9 versions
cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*range: <=0.8.8.3
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/45131nvdVendor Advisory
secunia.com/advisories/45658nvdVendor Advisory
secunia.com/advisories/45742nvdVendor Advisory
secunia.com/advisories/45901nvdVendor Advisory
secunia.com/advisories/46032nvdVendor Advisory
secunia.com/advisories/46043nvdVendor Advisory
secunia.com/advisories/46793nvdVendor Advisory
secunia.com/advisories/48058nvdVendor Advisory
secunia.com/advisories/48434nvdVendor Advisory
secunia.com/advisories/48439nvdVendor Advisory
jira.atheme.org/browse/AUDPLUG-394nvd
lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.htmlnvd
lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.htmlnvd
modplug-xmms.git.sourceforge.net/git/gitweb.cginvd
rhn.redhat.com/errata/RHSA-2011-1264.htmlnvd
sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/nvd
ubuntu.com/usn/usn-1255-1nvd
www.debian.org/security/2012/dsa-2415nvd
www.gentoo.org/security/en/glsa/glsa-201203-14.xmlnvd
www.gentoo.org/security/en/glsa/glsa-201203-16.xmlnvd
www.openwall.com/lists/oss-security/2011/08/10/4nvd
www.openwall.com/lists/oss-security/2011/08/12/4nvd
www.osvdb.org/74210nvd
www.securityfocus.com/bid/48979nvd
exchange.xforce.ibmcloud.com/vulnerabilities/68985nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000