Vulnerability Details CVE-2019-17113
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00044.html
- https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
- https://github.com/OpenMPT/openmpt/compare/libopenmpt-0.3.18...libopenmpt-0.3.19
- https://github.com/OpenMPT/openmpt/compare/libopenmpt-0.4.8...libopenmpt-0.4.9
- https://lists.debian.org/debian-lts-announce/2020/08/msg00003.html
- https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
- https://www.debian.org/security/2020/dsa-4729
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00044.html
- https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
- https://github.com/OpenMPT/openmpt/compare/libopenmpt-0.3.18...libopenmpt-0.3.19
- https://github.com/OpenMPT/openmpt/compare/libopenmpt-0.4.8...libopenmpt-0.4.9
- https://lists.debian.org/debian-lts-announce/2020/08/msg00003.html
- https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
- https://www.debian.org/security/2020/dsa-4729
Products affected by CVE-2019-17113
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10049
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10172
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10495
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10635
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10859
-
cpe:2.3:a:openmpt:libopenmpt:0.2.10933
-
cpe:2.3:a:openmpt:libopenmpt:0.2.11253
-
cpe:2.3:a:openmpt:libopenmpt:0.2.11539
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3532
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3566
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3746
-
cpe:2.3:a:openmpt:libopenmpt:0.2.3773
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4115
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4238
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4259
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4664
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4667
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4764
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4943
-
cpe:2.3:a:openmpt:libopenmpt:0.2.4954
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5486
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5602
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5705
-
cpe:2.3:a:openmpt:libopenmpt:0.2.5787
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6401
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6611
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6664
-
cpe:2.3:a:openmpt:libopenmpt:0.2.6774
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7025
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7299
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7386
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7559
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7561
-
cpe:2.3:a:openmpt:libopenmpt:0.2.7774
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8043
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8190
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8414
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8461
-
cpe:2.3:a:openmpt:libopenmpt:0.2.8760
-
cpe:2.3:a:openmpt:libopenmpt:0.2.9227
-
cpe:2.3:a:openmpt:libopenmpt:0.2.95422
-
cpe:2.3:a:openmpt:libopenmpt:0.2.9913
-
cpe:2.3:a:openmpt:libopenmpt:0.3.0
-
cpe:2.3:a:openmpt:libopenmpt:0.3.1
-
cpe:2.3:a:openmpt:libopenmpt:0.3.10
-
cpe:2.3:a:openmpt:libopenmpt:0.3.11
-
cpe:2.3:a:openmpt:libopenmpt:0.3.12
-
cpe:2.3:a:openmpt:libopenmpt:0.3.13
-
cpe:2.3:a:openmpt:libopenmpt:0.3.14
-
cpe:2.3:a:openmpt:libopenmpt:0.3.15
-
cpe:2.3:a:openmpt:libopenmpt:0.3.16
-
cpe:2.3:a:openmpt:libopenmpt:0.3.17
-
cpe:2.3:a:openmpt:libopenmpt:0.3.18
-
cpe:2.3:a:openmpt:libopenmpt:0.3.2
-
cpe:2.3:a:openmpt:libopenmpt:0.3.3
-
cpe:2.3:a:openmpt:libopenmpt:0.3.4
-
cpe:2.3:a:openmpt:libopenmpt:0.3.5
-
cpe:2.3:a:openmpt:libopenmpt:0.3.6
-
cpe:2.3:a:openmpt:libopenmpt:0.3.7
-
cpe:2.3:a:openmpt:libopenmpt:0.3.8
-
cpe:2.3:a:openmpt:libopenmpt:0.3.9
-
cpe:2.3:a:openmpt:libopenmpt:0.4.0
-
cpe:2.3:a:openmpt:libopenmpt:0.4.1
-
cpe:2.3:a:openmpt:libopenmpt:0.4.2
-
cpe:2.3:a:openmpt:libopenmpt:0.4.3
-
cpe:2.3:a:openmpt:libopenmpt:0.4.4
-
cpe:2.3:a:openmpt:libopenmpt:0.4.5
-
cpe:2.3:a:openmpt:libopenmpt:0.4.6
-
cpe:2.3:a:openmpt:libopenmpt:0.4.7
-
cpe:2.3:a:openmpt:libopenmpt:0.4.8