PT-2018-2343 · Openmpt+2 · Openmpt+3

Saga Musix

Published

2018-04-07

Updated

2021-03-15

CVE-2018-10017

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenMPT versions prior to 1.27.07.00 libopenmpt versions prior to 0.3.8

Description The issue is related to a buffer overflow and out-of-bounds read in the soundlib/Snd fx.cpp file of OpenMPT and libopenmpt. This can be exploited by a remote attacker to cause a denial of service when processing a specially crafted IT or MO3 file containing multiple nested looped patterns.

Recommendations For OpenMPT versions prior to 1.27.07.00, update to version 1.27.07.00 or later to resolve the issue. For libopenmpt versions prior to 0.3.8, update to version 0.3.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of IT and MO3 files with nested pattern loops until a patch is applied.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2019-00509

CVE-2018-10017

OPENSUSE-SU-2018_2015-1

OPENSUSE-SU-2024:10965-1

SUSE-SU-2018:1951-1

SUSE-SU-2018_1951-1

USN-4831-1

Affected Products

Openmpt

Suse

Ubuntu

Libopenmpt

PT-2018-2343 · Openmpt+2 · Openmpt+3

CVE-2018-10017

Weakness Enumeration

Related Identifiers

Affected Products

References · 21