Skip to main content

Libopenmpt

9 CVEs product

Monthly

CVE-2019-17113 CRITICAL PATCH Act Now

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libopenmpt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-14383 MEDIUM PATCH This Month

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt Leap
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-14382 MEDIUM PATCH This Month

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-14380 MEDIUM PATCH This Month

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libopenmpt Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-14381 HIGH This Week

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libopenmpt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-11710 HIGH PATCH This Week

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Libopenmpt
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-10017 MEDIUM PATCH This Month

soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Libopenmpt Openmpt
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-6611 HIGH PATCH This Week

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libopenmpt Openmpt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2017-11311 HIGH PATCH This Week

soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Libopenmpt Openmpt
NVD
CVSS 3.0
7.8
EPSS
1.2%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libopenmpt
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt Leap
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libopenmpt +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libopenmpt
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libopenmpt +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Libopenmpt +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy