Openmpt » Libopenmpt : Security Vulnerabilities, CVEs,
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.
Max CVSS
9.8
EPSS Score
1.22%
Published
2019-10-04
Updated
2020-08-02
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
Max CVSS
6.5
EPSS Score
0.28%
Published
2019-07-30
Updated
2023-03-03
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
Max CVSS
6.5
EPSS Score
0.24%
Published
2019-07-30
Updated
2023-03-03
libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.
Max CVSS
7.5
EPSS Score
0.15%
Published
2019-07-30
Updated
2019-08-05
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-07-30
Updated
2023-03-03
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-07-30
Updated
2019-09-29
libopenmpt before 0.3.13 allows a crash with malformed MED files.
Max CVSS
6.5
EPSS Score
0.15%
Published
2019-07-30
Updated
2023-03-03
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
Max CVSS
8.8
EPSS Score
0.28%
Published
2018-06-04
Updated
2018-07-16
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.
Max CVSS
6.5
EPSS Score
0.57%
Published
2018-04-11
Updated
2020-10-15
soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.
Max CVSS
8.8
EPSS Score
0.29%
Published
2018-02-04
Updated
2020-10-15
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
Max CVSS
7.8
EPSS Score
0.28%
Published
2017-07-17
Updated
2017-07-27
11 vulnerabilities found