Vulnerability Details CVE-2018-6611
soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/OpenMPT/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3
- https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/
- https://github.com/OpenMPT/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3
- https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/
Products affected by CVE-2018-6611
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10049
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10172
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10495
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10635
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10859
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10933
-
cpe:2.3:a:openmpt:libopenmpt:0.2.11253
-
cpe:2.3:a:openmpt:libopenmpt:0.2.11539
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3532
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3566
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3746
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3773
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4115
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4238
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4259
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4664
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4667
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4764
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4943
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4954
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5486
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5602
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5705
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5787
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6401
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6611
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6664
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6774
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7025
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7299
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7386
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7559
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7561
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7774
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8043
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8190
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8414
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8461
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8760
-
cpe:2.3:a:openmpt:libopenmpt:0.2.9227
-
cpe:2.3:a:openmpt:libopenmpt:0.2.95422
-
cpe:2.3:a:openmpt:libopenmpt:0.2.9913
-
cpe:2.3:a:openmpt:libopenmpt:0.3.0
-
cpe:2.3:a:openmpt:libopenmpt:0.3.1
-
cpe:2.3:a:openmpt:libopenmpt:0.3.2
-
cpe:2.3:a:openmpt:libopenmpt:0.3.3
-
cpe:2.3:a:openmpt:libopenmpt:0.3.4
-
cpe:2.3:a:openmpt:libopenmpt:0.3.5
-
cpe:2.3:a:openmpt:openmpt:1.16.0213a
-
cpe:2.3:a:openmpt:openmpt:1.16.0214a
-
cpe:2.3:a:openmpt:openmpt:1.16.0215a
-
cpe:2.3:a:openmpt:openmpt:1.17
-
cpe:2.3:a:openmpt:openmpt:1.17.02.41
-
cpe:2.3:a:openmpt:openmpt:1.17.02.42
-
cpe:2.3:a:openmpt:openmpt:1.17.02.43
-
cpe:2.3:a:openmpt:openmpt:1.17.02.44
-
cpe:2.3:a:openmpt:openmpt:1.17.02.45
-
cpe:2.3:a:openmpt:openmpt:1.17.02.46
-
cpe:2.3:a:openmpt:openmpt:1.17.02.47
-
cpe:2.3:a:openmpt:openmpt:1.17.02.48
-
cpe:2.3:a:openmpt:openmpt:1.17.02.49
-
cpe:2.3:a:openmpt:openmpt:1.17.02.50
-
cpe:2.3:a:openmpt:openmpt:1.17.02.51
-
cpe:2.3:a:openmpt:openmpt:1.17.02.52
-
cpe:2.3:a:openmpt:openmpt:1.17.02.53
-
cpe:2.3:a:openmpt:openmpt:1.17.02.54
-
cpe:2.3:a:openmpt:openmpt:1.17.03.02
-
cpe:2.3:a:openmpt:openmpt:1.18.00.00
-
cpe:2.3:a:openmpt:openmpt:1.18.02.00
-
cpe:2.3:a:openmpt:openmpt:1.18.03.00
-
cpe:2.3:a:openmpt:openmpt:1.19.01.00
-
cpe:2.3:a:openmpt:openmpt:1.19.02.00
-
cpe:2.3:a:openmpt:openmpt:1.19.03.00
-
cpe:2.3:a:openmpt:openmpt:1.19.04.00
-
cpe:2.3:a:openmpt:openmpt:1.20.01.00
-
cpe:2.3:a:openmpt:openmpt:1.20.02.00
-
cpe:2.3:a:openmpt:openmpt:1.20.03.00
-
cpe:2.3:a:openmpt:openmpt:1.20.04.00
-
cpe:2.3:a:openmpt:openmpt:1.21.01.00
-
cpe:2.3:a:openmpt:openmpt:1.22.01.00
-
cpe:2.3:a:openmpt:openmpt:1.22.02.00
-
cpe:2.3:a:openmpt:openmpt:1.22.03.00
-
cpe:2.3:a:openmpt:openmpt:1.22.04.00
-
cpe:2.3:a:openmpt:openmpt:1.22.05.00
-
cpe:2.3:a:openmpt:openmpt:1.22.06.00
-
cpe:2.3:a:openmpt:openmpt:1.22.07.00
-
cpe:2.3:a:openmpt:openmpt:1.23.01.00
-
cpe:2.3:a:openmpt:openmpt:1.23.02.00
-
cpe:2.3:a:openmpt:openmpt:1.23.03.00
-
cpe:2.3:a:openmpt:openmpt:1.23.04.00
-
cpe:2.3:a:openmpt:openmpt:1.23.05.00
-
cpe:2.3:a:openmpt:openmpt:1.24.01.00
-
cpe:2.3:a:openmpt:openmpt:1.24.02.00
-
cpe:2.3:a:openmpt:openmpt:1.24.03.00
-
cpe:2.3:a:openmpt:openmpt:1.24.04.00
-
cpe:2.3:a:openmpt:openmpt:1.25.01.00
-
cpe:2.3:a:openmpt:openmpt:1.25.02.00
-
cpe:2.3:a:openmpt:openmpt:1.25.03.00
-
cpe:2.3:a:openmpt:openmpt:1.25.04.00
-
cpe:2.3:a:openmpt:openmpt:1.26.01.00
-
cpe:2.3:a:openmpt:openmpt:1.26.02.00
-
cpe:2.3:a:openmpt:openmpt:1.26.03.00
-
cpe:2.3:a:openmpt:openmpt:1.26.04.00
-
cpe:2.3:a:openmpt:openmpt:1.26.05.00
-
cpe:2.3:a:openmpt:openmpt:1.26.06.00
-
cpe:2.3:a:openmpt:openmpt:1.26.07.00
-
cpe:2.3:a:openmpt:openmpt:1.26.08.00
-
cpe:2.3:a:openmpt:openmpt:1.26.09.00
-
cpe:2.3:a:openmpt:openmpt:1.26.10.00
-
cpe:2.3:a:openmpt:openmpt:1.26.11.00
-
cpe:2.3:a:openmpt:openmpt:1.26.12.00
-
cpe:2.3:a:openmpt:openmpt:1.26.13.00
-
cpe:2.3:a:openmpt:openmpt:1.26.14.00
-
cpe:2.3:a:openmpt:openmpt:1.27.01.00
-
cpe:2.3:a:openmpt:openmpt:1.27.02.00
-
cpe:2.3:a:openmpt:openmpt:1.27.03.00
-
cpe:2.3:a:openmpt:openmpt:1.27.04.00