Openmpt
Products
2- 11 CVEs
- 4 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11710 | Hig | 0.57 | 8.8 | 0.02 | Jun 4, 2018 | soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation. | ||
| CVE-2017-11311 | Hig | 0.51 | 7.8 | 0.02 | Jul 17, 2017 | soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. | ||
| CVE-2019-14381 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2019 | libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. | ||
| CVE-2019-14383 | Med | 0.42 | 6.5 | 0.01 | Jul 30, 2019 | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | ||
| CVE-2019-14382 | Med | 0.42 | 6.5 | 0.01 | Jul 30, 2019 | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | ||
| CVE-2019-14380 | Med | 0.42 | 6.5 | 0.01 | Jul 30, 2019 | libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. | ||
| CVE-2018-20861 | Med | 0.42 | 6.5 | 0.01 | Jul 30, 2019 | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | ||
| CVE-2018-20860 | Med | 0.42 | 6.5 | 0.01 | Jul 30, 2019 | libopenmpt before 0.3.13 allows a crash with malformed MED files. | ||
| CVE-2006-4192 | 0.04 | — | 0.08 | Aug 17, 2006 | Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the… | |||
| CVE-2019-17113 | Cri | 0.00 | 9.8 | 0.03 | Oct 4, 2019 | In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. | ||
| CVE-2018-10017 | Med | 0.00 | 6.5 | 0.02 | Apr 11, 2018 | soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. | ||
| CVE-2018-6611 | Hig | 0.00 | 8.8 | 0.01 | Feb 4, 2018 | soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. |
- risk 0.57cvss 8.8epss 0.02
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
- risk 0.51cvss 7.8epss 0.02
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
- risk 0.49cvss 7.5epss 0.01
libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.
- risk 0.42cvss 6.5epss 0.01
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
- risk 0.42cvss 6.5epss 0.01
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
- risk 0.42cvss 6.5epss 0.01
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.
- risk 0.42cvss 6.5epss 0.01
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
- risk 0.42cvss 6.5epss 0.01
libopenmpt before 0.3.13 allows a crash with malformed MED files.
- CVE-2006-4192Aug 17, 2006risk 0.04cvss —epss 0.08
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the…
- risk 0.00cvss 9.8epss 0.03
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.
- risk 0.00cvss 6.5epss 0.02
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.
- risk 0.00cvss 8.8epss 0.01
soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.