PT-2018-2343 · Openmpt+2 · Openmpt+3

Saga Musix

Publicado

2018-04-07

Atualizado

2021-03-15

CVE-2018-10017

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenMPT versions prior to 1.27.07.00 libopenmpt versions prior to 0.3.8

Description The issue is related to a buffer overflow and out-of-bounds read in the soundlib/Snd fx.cpp file of OpenMPT and libopenmpt. This can be exploited by a remote attacker to cause a denial of service when processing a specially crafted IT or MO3 file containing multiple nested looped patterns.

Recommendations For OpenMPT versions prior to 1.27.07.00, update to version 1.27.07.00 or later to resolve the issue. For libopenmpt versions prior to 0.3.8, update to version 0.3.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of IT and MO3 files with nested pattern loops until a patch is applied.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

BDU:2019-00509

CVE-2018-10017

OPENSUSE-SU-2018_2015-1

OPENSUSE-SU-2024:10965-1

SUSE-SU-2018:1951-1

SUSE-SU-2018_1951-1

USN-4831-1

Produtos afetados

Openmpt

Suse

Ubuntu

Libopenmpt

PT-2018-2343 · Openmpt+2 · Openmpt+3

CVE-2018-10017

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21