CVE-2019-14524Out-of-bounds Write in Schism Tracker

CWE-787Out-of-bounds Write7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 34.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schismtracker Schism TrackerOpensuse BackportsOpensuse Leap
Timeline
PublishedAug 2
Latest updateMay 24

Description

An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDopensuse/leap15.0, 15.1+1
NVDopensuse/backportssle-15

🔴Vulnerability Details

3
GHSA
GHSA-vc6v-5gxv-xp37: An issue was discovered in Schism Tracker through 201907222022-05-24
CVEList
CVE-2019-14524: An issue was discovered in Schism Tracker through 201907222019-08-02
OSV
CVE-2019-14524: An issue was discovered in Schism Tracker through 201907222019-08-02

📋Vendor Advisories

1
Debian
CVE-2019-14524: schism - An issue was discovered in Schism Tracker through 20190722. There is a heap-base...2019

💬Community

2
Bugzilla
CVE-2019-14524 schismtracker: heap-based buffer overflow in function fmt_mtm_load_song in fmt/mtm.c [fedora-all]2019-08-13
Bugzilla
CVE-2019-14524 schismtracker: heap-based buffer overflow in function fmt_mtm_load_song in fmt/mtm.c2019-08-13
CVE-2019-14524 — Out-of-bounds Write in Schism Tracker | cvebase