
Description

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.

PUBLISHED Reserved 2025-08-18 | Published 2025-08-20 | Updated 2025-08-20 | Assigner VulnCheck




HIGH: 8.5 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status: unknown

*: affected

Credits

Brandon Murphy (finder)

References

www.fortiguard.com/encyclopedia/ips/26849 third-party-advisory

raw.githubusercontent.com/...t/subtitle_processor_m3u_bof.rb exploit

www.exploit-db.com/exploits/17217 exploit

www.exploit-db.com/exploits/17225 exploit

sourceforge.net/projects/subtitleproc/ product

www.vulncheck.com/...ocessor-m3u-seh-unicode-buffer-overflow third-party-advisory

cve.org (CVE-2011-10025)

nvd.nist.gov (CVE-2011-10025)
