PT-2025-19987 · Libxmp+2
Gareth C · Published 2025-05-05 · Updated 2025-05-12 · CVE-2025-47256
CVSS v3.1: 5.6 (Medium)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Libxmp versions 4.6.2 and earlier
Description
The issue is a stack-based buffer overflow in the depack_pha function in loaders/prowizard/pha.c, which occurs when processing a malformed Pha format tracker module in a .mod file.
Recommendations
For Libxmp versions 4.6.2 and earlier, consider restricting the use of the depack_pha function in loaders/prowizard/pha.c until a patch is available. Avoid using the pha.c loader with untrusted .mod files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Underflow
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Libxmp