CVE-2011-3343

OpenTTD < 1.1.3 - Denial of Service via Crafted BMP File

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.

References (9)

Core 9
Core References
Various Sources x_refsource_confirm
http://security.openttd.org/en/CVE-2011-3343
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46075
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2386
Patch x_refsource_confirm
http://bugs.openttd.org/task/4746
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/09/02/4
Patch x_refsource_confirm
http://bugs.openttd.org/task/4747
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49439
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/09/06/2

Scores

EPSS 0.0038
EPSS Percentile 30.1%

Details

CWE
CWE-119
Status published
Products (28)
openttd/openttd 0.1.1
openttd/openttd 0.1.2
openttd/openttd 0.1.3
openttd/openttd 0.1.4
openttd/openttd 0.2.0
openttd/openttd 0.2.1
openttd/openttd 0.3.0
openttd/openttd 0.3.1
openttd/openttd 0.3.2
openttd/openttd 0.3.2.1
... and 18 more
Published Sep 08, 2011
Tracked Since Feb 18, 2026