CVE-2018-6611

Name of the Vulnerable Software and Affected Versions OpenMPT versions prior to 1.27.04.00 libopenmpt versions prior to 0.3.6

Description The issue is caused by an out-of-bounds read that occurs when processing a malformed STP file in the soundlib/Load stp.cpp component. This can potentially lead to information disclosure or other security issues.

Recommendations For OpenMPT versions prior to 1.27.04.00, update to version 1.27.04.00 or later to resolve the issue. For libopenmpt versions prior to 0.3.6, update to version 0.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of malformed STP files until a patch is applied.