{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4734", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T03:02:46.980Z", "datePublished": "2026-03-24T03:05:39.360Z", "dateUpdated": "2026-03-24T14:37:08.508Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:05:39.360Z"}, "title": "Heap Buffer Overflow in yoyofr/modizer", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "affected": [{"vendor": "yoyofr", "product": "modizer", "collectionURL": "https://github.com/yoyofr/modizer", "modules": ["libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib"], "programFiles": ["imap.c\u200e"], "versions": [{"status": "affected", "version": "0", "lessThan": "v4.3", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C\u200e.\n\nThis issue affects modizer: before v4.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules).<p> This vulnerability is associated with program files imap.C\u200e.</p><p>This issue affects modizer: before v4.3.</p>"}]}], "references": [{"url": "https://github.com/yoyofr/modizer/pull/141", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "ATTACKED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "CLEAR", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.4, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:Y/R:U/V:D/RE:L/U:Clear"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:37:02.404349Z", "id": "CVE-2026-4734", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:37:08.508Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4734", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T03:02:46.980Z", "datePublished": "2026-03-24T03:05:39.360Z", "dateUpdated": "2026-03-24T14:37:08.508Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:05:39.360Z"}, "title": "Heap Buffer Overflow in yoyofr/modizer", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "affected": [{"vendor": "yoyofr", "product": "modizer", "collectionURL": "https://github.com/yoyofr/modizer", "modules": ["libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib"], "programFiles": ["imap.c\u200e"], "versions": [{"status": "affected", "version": "0", "lessThan": "v4.3", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C\u200e.\n\nThis issue affects modizer: before v4.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules).<p> This vulnerability is associated with program files imap.C\u200e.</p><p>This issue affects modizer: before v4.3.</p>"}]}], "references": [{"url": "https://github.com/yoyofr/modizer/pull/141", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "ATTACKED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "CLEAR", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.4, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:Y/R:U/V:D/RE:L/U:Clear"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4734", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:37:02.404349Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:37:05.580Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C\u200e.\n\nThis issue affects modizer: before v4.3."}, {"lang": "es", "value": "Vulnerabilidad de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en yoyofr modizer (m\u00f3dulos libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa imap.C?.\n\nEste problema afecta a modizer: anterior a la v4.3."}], "id": "CVE-2026-4734", "lastModified": "2026-04-30T16:01:57.470", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "ATTACKED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "CLEAR", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T04:17:25.937", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/yoyofr/modizer/pull/141"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v4.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "modizer", "source": "cna", "vendor": "yoyofr"}, "product": "modizer", "vendor": "yoyofr"}], "analysis": {"en": {"generated_at": "2026-03-24T04:22:38.205760+00:00", "value": {"mitigation_remediation": ["Upgrade yoyofr modizer to version 4.3 or newer. ", "Apply the patch introduced in pull request https://github.com/yoyofr/modizer/pull/141. ", "Verify that no tampered or malicious imap.C files exist in the installation and replace them if necessary. ", "Maintain monitoring for anomalous activity related to modizer processes."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts yoyofr modizer installations prior to version 4.3, specifically those including the affected libopenmpt/openmpt\u2011trunk libraries and modules that process program files such as imap.C.", "description_and_impact": "A heap buffer overflow has been identified in yoyofr modizer\u2019s libraries, where an improper restriction of operations within a memory buffer permits memory overwrite beyond intended bounds. This flaw can be leveraged to execute arbitrary code, potentially allowing attackers to gain full control of the affected system. The weakness corresponds to the Common Weakness Enumeration CWE\u2011119.", "risk_and_exploitability": "The CVSS score of 9.4 categorizes this issue as critical, indicating a severe impact if exploited. EPSS data and KEV listing are not available, leaving the exact exploitation probability unknown, but the high severity warrants immediate attention. The described attack likely requires manipulation of program files like imap.C to trigger the overflow; therefore the attack vector is inferred to be local or dependent on the attacker\u2019s ability to control such files."}}}}, "created": "2026-03-24T10:29:18.215393+00:00", "updated": "2026-03-25T20:40:23.409214+00:00", "vendors": ["yoyofr", "yoyofr$PRODUCT$modizer"]}