CVE-2011-10025 HIGH

CVE-2011-10025: Subtitle Processor 7.7.1 .m3u SEH Unicode Buffer Overflow

Vendor Subtitle Processor
Product Subtitle Processor
Weakness CWE-120
Published August 20, 2025
Last update May 15, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.

Key dates

02Disclosure timeline

August 20, 2025 CVE published
May 15, 2026 Record updated