Sagamusix

**Name of the Vulnerable Software and Affected Versions** libopenmpt versions prior to 0.3.9 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, or possibly have other unspecified impacts. This is achieved through a crafted AMS file, which exploits an invalid write near address 0 in an out-of-memory situation. **Recommendations** For versions prior to 0.3.9, update to version 0.3.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted AMS files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenMPT versions prior to 1.27.04.00 libopenmpt versions prior to 0.3.6 **Description** The issue is caused by an out-of-bounds read that occurs when processing a malformed STP file in the soundlib/Load stp.cpp component. This can potentially lead to information disclosure or other security issues. **Recommendations** For OpenMPT versions prior to 1.27.04.00, update to version 1.27.04.00 or later to resolve the issue. For libopenmpt versions prior to 0.3.6, update to version 0.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of malformed STP files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OpenMPT versions prior to 1.26.12.00 libopenmpt versions prior to 0.2.8461-beta26 **Description** The issue is related to a heap buffer overflow that could potentially lead to arbitrary code execution. This occurs when a crafted PSM file is used, causing the same sample slot to be used for two samples. **Recommendations** For OpenMPT versions prior to 1.26.12.00, update to version 1.26.12.00 or later to resolve the issue. For libopenmpt versions prior to 0.2.8461-beta26, update to version 0.2.8461-beta26 or later to resolve the issue.