
Description

BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.

PUBLISHED Reserved 2025-08-28 | Published 2025-08-30 | Updated 2025-09-02 | Assigner VulnCheck




CRITICAL: 10.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status: unknown

*: affected

Credits

C4SS!0 G0M3S (finder)

References

raw.githubusercontent.com/...dows/fileformat/bsplayer_m3u.rb (exploit)

www.exploit-db.com/exploits/15934 (exploit)

www.exploit-db.com/exploits/18375 (exploit)

www.bsplayer.com/ (product)

www.vulncheck.com/...buffer-overflow-via-m3u-playlist-import (third-party-advisory)

cve.org (CVE-2010-10016)

nvd.nist.gov (CVE-2010-10016)
