CVE-2018-11710Out-of-bounds Write in Libopenmpt

CWE-787Out-of-bounds Write5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 31.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openmpt LibopenmptDebian Libopenmpt
Timeline
PublishedJun 4
Latest updateMay 14

Description

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/libopenmpt< libopenmpt 0.3.9-1 (bookworm)
NVDopenmpt/libopenmpt< 0.3.9
Debianopenmpt/libopenmpt< 0.3.9-1+3

Patches

Patch: lib.openmpt.orgPatch: lib.openmpt.org

🔴Vulnerability Details

2
GHSA
GHSA-2vmh-83hf-jfxj: soundlib/pattern2022-05-14
OSV
CVE-2018-11710: soundlib/pattern2018-06-04

📋Vendor Advisories

2
Ubuntu
OpenMPT vulnerabilities2021-03-15
Debian
CVE-2018-11710: libopenmpt - soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a...2018
CVE-2018-11710 — Out-of-bounds Write in Libopenmpt | cvebase