Debian Libopenmpt vulnerabilities

CVE-2019-17113 [CRITICAL] CVE-2019-17113: libopenmpt - In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and M... In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. Scope: local bookworm: resolved (fixed in 0.4.9-1) bullseye: resolved (fixed in 0.4.9-1) forky: resolved (fixed in 0.4.9-1) sid: re

CVE-2019-14381 [HIGH] CVE-2019-14381: libopenmpt - libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when do... libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. Scope: local bookworm: resolved (fixed in 0.4.3-1) bullseye: resolved (fixed in 0.4.3-1) forky: resolved (fixed in 0.4.3-1) sid: resolved (fixed in 0.4.3-1) trixie: resolved (fixed in 0.4.3-1)

CVE-2019-14383 [MEDIUM] CVE-2019-14383: libopenmpt - J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing w... J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Scope: local bookworm: resolved (fixed in 0.4.2-1) bullseye: resolved (fixed in 0.4.2-1) forky: resolved (fixed in 0.4.2-1) sid: resolved (fixed in 0.4.2-1) trixie: resolved (fixed in 0.4.2-1)

CVE-2019-14380 [MEDIUM] CVE-2019-14380: libopenmpt - libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds r... libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Scope: local bookworm: resolved (fixed in 0.4.5-1) bullseye: resolved (fixed in 0.4.5-1) forky: resolved (fixed in 0.4.5-1) sid: resolved (fixed in 0.4.5-1) trixie: resolved (fixed in 0.4.5-1)

CVE-2019-14382 [MEDIUM] CVE-2019-14382: libopenmpt - DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing w... DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Scope: local bookworm: resolved (fixed in 0.4.2-1) bullseye: resolved (fixed in 0.4.2-1) forky: resolved (fixed in 0.4.2-1) sid: resolved (fixed in 0.4.2-1) trixie: resolved (fixed in 0.4.2-1)

CVE-2018-11710 [HIGH] CVE-2018-11710: libopenmpt - soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a... soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation. Scope: local bookworm: resolved (fixed in 0.3.9-1) bullseye: resolved (fixed in 0.3.9-1) forky: resolved (f

CVE-2018-6611 [HIGH] CVE-2018-6611: libopenmpt - soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6... soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. Scope: local bookworm: resolved (fixed in 0.3.6-1) bullseye: resolved (fixed in 0.3.6-1) forky: resolved (fixed in 0.3.6-1) sid: resolved (fixed in 0.3.6-1) trixie: resolved (fixed in 0.3.6-1)

CVE-2018-10017 [MEDIUM] CVE-2018-10017: libopenmpt - soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 all... soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. Scope: local bookworm: resolved (fixed in 0.3.8-1) bullseye: resolved (fixed in 0.3.8-1) forky: resolved (fixed in 0.3.8-1) sid: resolved (fixed in 0.3.8-1) t

CVE-2018-20861 [MEDIUM] CVE-2018-20861: libopenmpt - libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in... libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. Scope: local bookworm: resolved (fixed in 0.3.11-1) bullseye: resolved (fixed in 0.3.11-1) forky: resolved (fixed in 0.3.11-1) sid: resolved (fixed in 0.3.11-1) trixie: resolved (fixed in 0.3.11-1)

CVE-2018-20860 [MEDIUM] CVE-2018-20860: libopenmpt - libopenmpt before 0.3.13 allows a crash with malformed MED files. libopenmpt before 0.3.13 allows a crash with malformed MED files. Scope: local bookworm: resolved (fixed in 0.3.13-1) bullseye: resolved (fixed in 0.3.13-1) forky: resolved (fixed in 0.3.13-1) sid: resolved (fixed in 0.3.13-1) trixie: resolved (fixed in 0.3.13-1)

CVE-2017-11311 [HIGH] CVE-2017-11311: libopenmpt - soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.84... soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. Scope: local bookworm: resolved (fixed in 0.2.8461~beta26-1) bullseye: resolved (fixed in 0.2.8461~beta26-1) forky: re