rpm package
suse/libopenmpt&distro=SUSE Linux Enterprise Module for Desktop Applications 15
pkg:rpm/suse/libopenmpt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17113 | — | < 0.3.19-2.10.1 | 0.3.19-2.10.1 | Oct 3, 2019 | In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. | ||
| CVE-2019-14382 | — | < 0.3.17-2.7.1 | 0.3.17-2.7.1 | Jul 30, 2019 | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | ||
| CVE-2019-14383 | — | < 0.3.17-2.7.1 | 0.3.17-2.7.1 | Jul 30, 2019 | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | ||
| CVE-2018-20860 | — | < 0.3.17-2.7.1 | 0.3.17-2.7.1 | Jul 30, 2019 | libopenmpt before 0.3.13 allows a crash with malformed MED files. | ||
| CVE-2018-20861 | — | < 0.3.17-2.7.1 | 0.3.17-2.7.1 | Jul 30, 2019 | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | ||
| CVE-2018-11710 | Hig | 8.8 | < 0.3.9-3.3.1 | 0.3.9-3.3.1 | Jun 4, 2018 | soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation. | |
| CVE-2018-10017 | Med | 6.5 | < 0.3.9-3.3.1 | 0.3.9-3.3.1 | Apr 11, 2018 | soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. |
- CVE-2019-17113Oct 3, 2019affected < 0.3.19-2.10.1fixed 0.3.19-2.10.1
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.
- CVE-2019-14382Jul 30, 2019affected < 0.3.17-2.7.1fixed 0.3.17-2.7.1
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
- CVE-2019-14383Jul 30, 2019affected < 0.3.17-2.7.1fixed 0.3.17-2.7.1
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
- CVE-2018-20860Jul 30, 2019affected < 0.3.17-2.7.1fixed 0.3.17-2.7.1
libopenmpt before 0.3.13 allows a crash with malformed MED files.
- CVE-2018-20861Jul 30, 2019affected < 0.3.17-2.7.1fixed 0.3.17-2.7.1
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
- affected < 0.3.9-3.3.1fixed 0.3.9-3.3.1
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
- affected < 0.3.9-3.3.1fixed 0.3.9-3.3.1
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.