Openmpt: >> Libopenmpt >> 0.3.8 Security Vulnerabilities
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.
CVSS Score
9.8
EPSS Score
0.016
Published
2019-10-04
libopenmpt before 0.3.13 allows a crash with malformed MED files.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-07-30
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-07-30
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-07-30
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-07-30
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-07-30
libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-07-30
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-06-04