
Description

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.

PUBLISHED Reserved 2025-08-18 | Published 2025-08-20 | Updated 2025-08-20 | Assigner VulnCheck




HIGH: 8.6 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status: unaffected

`*`: affected

Credits

xsploitedsec (finder)

References

raw.githubusercontent.com/...ws/misc/splayer_content_type.rb (exploit)

www.exploit-db.com/exploits/17243 (exploit)

www.exploit-db.com/exploits/17268 (exploit)

www.splayer.org/ (product)

www.vulncheck.com/...yer-content-type-header-buffer-overflow (third-party-advisory)

cve.org (CVE-2011-10022)

nvd.nist.gov (CVE-2011-10022)
