Description
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C.

This issue affects modizer: before v4.3.
Published: 2026-03-24
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A heap buffer overflow has been identified in yoyofr modizer’s libraries, where an improper restriction of operations within a memory buffer permits memory overwrite beyond intended bounds. This flaw can be leveraged to execute arbitrary code, potentially allowing attackers to gain full control of the affected system. The weakness corresponds to the Common Weakness Enumeration CWE‑119.

Affected Systems

The vulnerability impacts yoyofr modizer installations prior to version 4.3, specifically those including the affected libopenmpt/openmpt‑trunk libraries and modules that process program files such as imap.C.

Risk and Exploitability

The CVSS score of 9.4 categorizes this issue as critical, indicating a severe impact if exploited. EPSS data and KEV listing are not available, leaving the exact exploitation probability unknown, but the high severity warrants immediate attention. The described attack likely requires manipulation of program files like imap.C to trigger the overflow; therefore the attack vector is inferred to be local or dependent on the attacker’s ability to control such files.

Generated by OpenCVE AI on March 24, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade yoyofr modizer to version 4.3 or newer.
  • Apply the patch introduced in pull request https://github.com/yoyofr/modizer/pull/141.
  • Verify that no tampered or malicious imap.C files exist in the installation and replace them if necessary.
  • Maintain monitoring for anomalous activity related to modizer processes.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Yoyofr; Yoyofr modizer
Vendors & Products | | Yoyofr; Yoyofr modizer

Tue, 24 Mar 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C. This issue affects modizer: before v4.3.
Title | | Heap Buffer Overflow in yoyofr/modizer
Weaknesses | | CWE-119
References | |
Metrics | | cvssV4_0 {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:Y/R:U/V:D/RE:L/U:Clear'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:37:08.508Z

Reserved: 2026-03-24T03:02:46.980Z

Link: CVE-2026-4734

Vulnrichment

Updated: 2026-03-24T14:37:05.580Z

NVD

Status: Awaiting Analysis

Published: 2026-03-24T04:17:25.937

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4734

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:23Z
