PT-2012-1103 · Modplug+1 · Libmodplug+1

Published 2011-09-06 · Updated 2023-02-13 · CVE-2011-2911

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libmodplug versions prior to 0.8.8.4
Description: libmodplug contains multiple vulnerabilities that can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp, triggered by a crafted WAV file, leads to a heap-based buffer overflow that can cause a denial of service and potentially allow the execution of arbitrary code.
Recommendations: For versions prior to 0.8.8.4, update to version 0.8.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to WAV files or disabling the CSoundFile::ReadWav function until a patch is applied. Avoid using the CSoundFile::ReadWav function with untrusted WAV files until the issue is resolved.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-09436
CVE-2011-2911
DSA-2415-1
RHSA-2011:1264
RHSA-2011_1264

Affected Products

Red Hat
Libmodplug