CVE-2011-10022 HIGH

CVE-2011-10022: SPlayer 3.7 Content-Type Header Buffer Overflow

Vendor Splayer Project
Product SPlayer
Weakness CWE-120
Published August 20, 2025
Last update May 15, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.
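The bounds check this class of bug lacks, shown as an added example that is not SPlayer's code or part of the advisory: the Content-Type value is measured against the destination buffer before any copy, and an overlong value is rejected. The names `get_content_type`, `name_matches`, `ct_status` and the `CT_MAX` cap are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CT_MAX 128 /* assumed cap for this example, not a value from the advisory */
enum ct_status { CT_OK = 0, CT_MISSING = -1, CT_TOO_LONG = -2 };

/* Case-insensitive match of a lowercase header name at the start of a line. */
static int name_matches(const char *line, size_t len, const char *name)
{
    size_t n = strlen(name);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != name[i])
            return 0;
    return 1;
}

/* Copy the Content-Type value from a raw header block into out[outsz].
 * The value length is checked before the copy, so an overlong header is
 * rejected instead of being truncated or written past the buffer. */
int get_content_type(const char *hdrs, size_t hdrs_len, char *out, size_t outsz)
{
    static const char name[] = "content-type:";
    size_t pos = 0;
    if (outsz == 0) return CT_TOO_LONG;
    out[0] = '\0';
    while (pos < hdrs_len) {
        const char *line = hdrs + pos;
        const char *nl = memchr(line, '\n', hdrs_len - pos);
        size_t len = nl ? (size_t)(nl - line) : hdrs_len - pos;
        pos += len + 1;                          /* step past this line */
        if (len && line[len - 1] == '\r') len--; /* drop CR of CRLF */
        if (!name_matches(line, len, name)) continue;
        const char *v = line + sizeof name - 1;
        size_t vlen = len - (sizeof name - 1);
        while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
        if (vlen >= outsz) return CT_TOO_LONG;   /* need room for the NUL */
        memcpy(out, v, vlen);
        out[vlen] = '\0';
        return CT_OK;
    }
    return CT_MISSING;
}
```

A caller should treat `CT_TOO_LONG` as a reason to abandon the response rather than fall back to a truncated value.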

Key dates

02 Disclosure timeline

August 20, 2025 CVE published
May 15, 2026 Record updated