BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 02 Sep 2025 21:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Sun, 31 Aug 2025 08:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Bsplayer, Bsplayer bs.player |
| Vendors & Products | | Bsplayer, Bsplayer bs.player |

Sat, 30 Aug 2025 14:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client. |
| Title | | BS.Player 2.57 Buffer Overflow via M3U Playlist Import |
| Weaknesses | | CWE-120 |
| References | | |
| Metrics | | cvssV4_0 {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-09-02T20:46:33.092Z

Reserved: 2025-08-28T18:52:07.873Z

Link: CVE-2010-10016

Vulnrichment

Updated: 2025-09-02T20:46:29.021Z

NVD

Status: Awaiting Analysis

Published: 2025-08-30T14:15:37.180

Modified: 2025-09-02T15:55:25.420

Link: CVE-2010-10016

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-31T08:41:31Z