Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-11311 (GCVE-0-2017-11311)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 18:05
VLAI?
EPSS
Summary
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/867579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-13T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/867579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"name": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"name": "https://bugs.debian.org/867579",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/867579"
},
{
"name": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html",
"refsource": "CONFIRM",
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11311",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:05:30.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-11311",
"date": "2026-04-22",
"epss": "0.01203",
"percentile": "0.78969"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-11311\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-17T13:18:20.030\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.\"},{\"lang\":\"es\",\"value\":\"En la biblioteca soundlib/Load_psm.cpp en OpenMPT hasta la versi\u00f3n 1.26.12.00 y libopenmpt anterior a versi\u00f3n 0.2.8461-beta26, presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria con la posibilidad de ejecuci\u00f3n de c\u00f3digo arbitraria por medio de un archivo PSM creado que desencadena el uso de la mismo slot de muestra para dos muestras.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openmpt:libopenmpt:*:beta25:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.2.8414\",\"matchCriteriaId\":\"8A83BC1F-7409-4C60-8317-6CEB6D8B9F2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openmpt:openmpt:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.26.12.00\",\"matchCriteriaId\":\"B0C5379F-2997-4EE7-8FB6-5E4F20D026F3\"}]}]}],\"references\":[{\"url\":\"https://bugs.debian.org/867579\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://source.openmpt.org/browse/openmpt/trunk/?rev=6800\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/867579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://source.openmpt.org/browse/openmpt/trunk/?rev=6800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CNVD-2017-30636
Vulnerability from cnvd - Published: 2017-10-19
VLAI Severity ?
Title
OpenMPT和libopenmpt堆缓冲区溢出漏洞
Description
OpenMPT是一个开源的音频处理程序。libopenmpt是一个跨平台的基于C和C++的音频播放库。
OpenMPT 1.26.12.00及之前的版本和libopenmpt 0.2.8461-beta26之前的版本中的soundlib/Load_psm.cpp文件存在堆缓冲区溢出漏洞。攻击者可借助特制的PSM文件利用该漏洞执行任意代码。
Severity
中
Patch Name
OpenMPT和libopenmpt堆缓冲区溢出漏洞的补丁
Patch Description
OpenMPT是一个开源的音频处理程序。libopenmpt是一个跨平台的基于C和C++的音频播放库。
OpenMPT 1.26.12.00及之前的版本和libopenmpt 0.2.8461-beta26之前的版本中的soundlib/Load_psm.cpp文件存在堆缓冲区溢出漏洞。攻击者可借助特制的PSM文件利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://lib.openmpt.org/libopenmpt/2017/07/07/announce/
Reference
https://bugs.debian.org/867579
Impacted products
| Name | ['OpenMPT OpenMPT <=1.26.12.00', 'OpenMPT libopenmpt <=0.2.8461-beta26'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-11311"
}
},
"description": "OpenMPT\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u97f3\u9891\u5904\u7406\u7a0b\u5e8f\u3002libopenmpt\u662f\u4e00\u4e2a\u8de8\u5e73\u53f0\u7684\u57fa\u4e8eC\u548cC++\u7684\u97f3\u9891\u64ad\u653e\u5e93\u3002\r\n\r\nOpenMPT 1.26.12.00\u53ca\u4e4b\u524d\u7684\u7248\u672c\u548clibopenmpt 0.2.8461-beta26\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684soundlib/Load_psm.cpp\u6587\u4ef6\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684PSM\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "sagamusix",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lib.openmpt.org/libopenmpt/2017/07/07/announce/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-30636",
"openTime": "2017-10-19",
"patchDescription": "OpenMPT\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u97f3\u9891\u5904\u7406\u7a0b\u5e8f\u3002libopenmpt\u662f\u4e00\u4e2a\u8de8\u5e73\u53f0\u7684\u57fa\u4e8eC\u548cC++\u7684\u97f3\u9891\u64ad\u653e\u5e93\u3002\r\n\r\nOpenMPT 1.26.12.00\u53ca\u4e4b\u524d\u7684\u7248\u672c\u548clibopenmpt 0.2.8461-beta26\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684soundlib/Load_psm.cpp\u6587\u4ef6\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684PSM\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenMPT\u548clibopenmpt\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"OpenMPT OpenMPT \u003c=1.26.12.00",
"OpenMPT libopenmpt \u003c=0.2.8461-beta26"
]
},
"referenceLink": "https://bugs.debian.org/867579",
"serverity": "\u4e2d",
"submitTime": "2017-08-29",
"title": "OpenMPT\u548clibopenmpt\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2017-11311
Vulnerability from fkie_nvd - Published: 2017-07-17 13:18 - Updated: 2025-04-20 01:37
Severity ?
Summary
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/867579 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://source.openmpt.org/browse/openmpt/trunk/?rev=6800 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/867579 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.openmpt.org/browse/openmpt/trunk/?rev=6800 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openmpt | libopenmpt | * | |
| openmpt | openmpt | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openmpt:libopenmpt:*:beta25:*:*:*:*:*:*",
"matchCriteriaId": "8A83BC1F-7409-4C60-8317-6CEB6D8B9F2A",
"versionEndIncluding": "0.2.8414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openmpt:openmpt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C5379F-2997-4EE7-8FB6-5E4F20D026F3",
"versionEndIncluding": "1.26.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
},
{
"lang": "es",
"value": "En la biblioteca soundlib/Load_psm.cpp en OpenMPT hasta la versi\u00f3n 1.26.12.00 y libopenmpt anterior a versi\u00f3n 0.2.8461-beta26, presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria con la posibilidad de ejecuci\u00f3n de c\u00f3digo arbitraria por medio de un archivo PSM creado que desencadena el uso de la mismo slot de muestra para dos muestras."
}
],
"id": "CVE-2017-11311",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T13:18:20.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/867579"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/867579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9PFV-FQCF-VP62
Vulnerability from github – Published: 2022-05-17 02:24 – Updated: 2022-05-17 02:24
VLAI?
Details
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2017-11311"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-17T13:18:00Z",
"severity": "HIGH"
},
"details": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.",
"id": "GHSA-9pfv-fqcf-vp62",
"modified": "2022-05-17T02:24:50Z",
"published": "2022-05-17T02:24:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11311"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/867579"
},
{
"type": "WEB",
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
},
{
"type": "WEB",
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"type": "WEB",
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-11311
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-11311",
"description": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.",
"id": "GSD-2017-11311",
"references": [
"https://www.suse.com/security/cve/CVE-2017-11311.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-11311"
],
"details": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.",
"id": "GSD-2017-11311",
"modified": "2023-12-13T01:21:15.119257Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"name": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"name": "https://bugs.debian.org/867579",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/867579"
},
{
"name": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html",
"refsource": "CONFIRM",
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openmpt:libopenmpt:*:beta25:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.2.8414",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openmpt:openmpt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26.12.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11311"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"name": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision\u0026rev=8438"
},
{
"name": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
},
{
"name": "https://bugs.debian.org/867579",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/867579"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-07-27T01:30Z",
"publishedDate": "2017-07-17T13:18Z"
}
}
}
OPENSUSE-SU-2024:10965-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libopenmpt-devel-0.5.11-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: libopenmpt-devel-0.5.11-1.2 on GA media
Description of the patch: These are all security issues fixed in the libopenmpt-devel-0.5.11-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10965
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenmpt-devel-0.5.11-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenmpt-devel-0.5.11-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10965",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10965-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11311 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10017 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11710 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20860 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20861 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14382 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14383 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17113 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17113/"
}
],
"title": "libopenmpt-devel-0.5.11-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10965-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenmpt-devel-0.5.11-1.2.aarch64",
"product": {
"name": "libopenmpt-devel-0.5.11-1.2.aarch64",
"product_id": "libopenmpt-devel-0.5.11-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenmpt0-0.5.11-1.2.aarch64",
"product": {
"name": "libopenmpt0-0.5.11-1.2.aarch64",
"product_id": "libopenmpt0-0.5.11-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenmpt0-32bit-0.5.11-1.2.aarch64",
"product": {
"name": "libopenmpt0-32bit-0.5.11-1.2.aarch64",
"product_id": "libopenmpt0-32bit-0.5.11-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "openmpt123-0.5.11-1.2.aarch64",
"product": {
"name": "openmpt123-0.5.11-1.2.aarch64",
"product_id": "openmpt123-0.5.11-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenmpt-devel-0.5.11-1.2.ppc64le",
"product": {
"name": "libopenmpt-devel-0.5.11-1.2.ppc64le",
"product_id": "libopenmpt-devel-0.5.11-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenmpt0-0.5.11-1.2.ppc64le",
"product": {
"name": "libopenmpt0-0.5.11-1.2.ppc64le",
"product_id": "libopenmpt0-0.5.11-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"product": {
"name": "libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"product_id": "libopenmpt0-32bit-0.5.11-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openmpt123-0.5.11-1.2.ppc64le",
"product": {
"name": "openmpt123-0.5.11-1.2.ppc64le",
"product_id": "openmpt123-0.5.11-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenmpt-devel-0.5.11-1.2.s390x",
"product": {
"name": "libopenmpt-devel-0.5.11-1.2.s390x",
"product_id": "libopenmpt-devel-0.5.11-1.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenmpt0-0.5.11-1.2.s390x",
"product": {
"name": "libopenmpt0-0.5.11-1.2.s390x",
"product_id": "libopenmpt0-0.5.11-1.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenmpt0-32bit-0.5.11-1.2.s390x",
"product": {
"name": "libopenmpt0-32bit-0.5.11-1.2.s390x",
"product_id": "libopenmpt0-32bit-0.5.11-1.2.s390x"
}
},
{
"category": "product_version",
"name": "openmpt123-0.5.11-1.2.s390x",
"product": {
"name": "openmpt123-0.5.11-1.2.s390x",
"product_id": "openmpt123-0.5.11-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenmpt-devel-0.5.11-1.2.x86_64",
"product": {
"name": "libopenmpt-devel-0.5.11-1.2.x86_64",
"product_id": "libopenmpt-devel-0.5.11-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenmpt0-0.5.11-1.2.x86_64",
"product": {
"name": "libopenmpt0-0.5.11-1.2.x86_64",
"product_id": "libopenmpt0-0.5.11-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenmpt0-32bit-0.5.11-1.2.x86_64",
"product": {
"name": "libopenmpt0-32bit-0.5.11-1.2.x86_64",
"product_id": "libopenmpt0-32bit-0.5.11-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "openmpt123-0.5.11-1.2.x86_64",
"product": {
"name": "openmpt123-0.5.11-1.2.x86_64",
"product_id": "openmpt123-0.5.11-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt-devel-0.5.11-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64"
},
"product_reference": "libopenmpt-devel-0.5.11-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt-devel-0.5.11-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le"
},
"product_reference": "libopenmpt-devel-0.5.11-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt-devel-0.5.11-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x"
},
"product_reference": "libopenmpt-devel-0.5.11-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt-devel-0.5.11-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64"
},
"product_reference": "libopenmpt-devel-0.5.11-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-0.5.11-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64"
},
"product_reference": "libopenmpt0-0.5.11-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-0.5.11-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le"
},
"product_reference": "libopenmpt0-0.5.11-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-0.5.11-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x"
},
"product_reference": "libopenmpt0-0.5.11-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-0.5.11-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64"
},
"product_reference": "libopenmpt0-0.5.11-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-32bit-0.5.11-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64"
},
"product_reference": "libopenmpt0-32bit-0.5.11-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-32bit-0.5.11-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le"
},
"product_reference": "libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-32bit-0.5.11-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x"
},
"product_reference": "libopenmpt0-32bit-0.5.11-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenmpt0-32bit-0.5.11-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64"
},
"product_reference": "libopenmpt0-32bit-0.5.11-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openmpt123-0.5.11-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64"
},
"product_reference": "openmpt123-0.5.11-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openmpt123-0.5.11-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le"
},
"product_reference": "openmpt123-0.5.11-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openmpt123-0.5.11-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x"
},
"product_reference": "openmpt123-0.5.11-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openmpt123-0.5.11-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
},
"product_reference": "openmpt123-0.5.11-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-11311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11311"
}
],
"notes": [
{
"category": "general",
"text": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11311",
"url": "https://www.suse.com/security/cve/CVE-2017-11311"
},
{
"category": "external",
"summary": "SUSE Bug 1048666 for CVE-2017-11311",
"url": "https://bugzilla.suse.com/1048666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-11311"
},
{
"cve": "CVE-2018-10017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10017"
}
],
"notes": [
{
"category": "general",
"text": "soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10017",
"url": "https://www.suse.com/security/cve/CVE-2018-10017"
},
{
"category": "external",
"summary": "SUSE Bug 1089080 for CVE-2018-10017",
"url": "https://bugzilla.suse.com/1089080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10017"
},
{
"cve": "CVE-2018-11710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11710"
}
],
"notes": [
{
"category": "general",
"text": "soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11710",
"url": "https://www.suse.com/security/cve/CVE-2018-11710"
},
{
"category": "external",
"summary": "SUSE Bug 1095644 for CVE-2018-11710",
"url": "https://bugzilla.suse.com/1095644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-11710"
},
{
"cve": "CVE-2018-20860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20860"
}
],
"notes": [
{
"category": "general",
"text": "libopenmpt before 0.3.13 allows a crash with malformed MED files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20860",
"url": "https://www.suse.com/security/cve/CVE-2018-20860"
},
{
"category": "external",
"summary": "SUSE Bug 1143581 for CVE-2018-20860",
"url": "https://bugzilla.suse.com/1143581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20860"
},
{
"cve": "CVE-2018-20861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20861"
}
],
"notes": [
{
"category": "general",
"text": "libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20861",
"url": "https://www.suse.com/security/cve/CVE-2018-20861"
},
{
"category": "external",
"summary": "SUSE Bug 1143578 for CVE-2018-20861",
"url": "https://bugzilla.suse.com/1143578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20861"
},
{
"cve": "CVE-2019-14382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14382"
}
],
"notes": [
{
"category": "general",
"text": "DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14382",
"url": "https://www.suse.com/security/cve/CVE-2019-14382"
},
{
"category": "external",
"summary": "SUSE Bug 1143582 for CVE-2019-14382",
"url": "https://bugzilla.suse.com/1143582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14382"
},
{
"cve": "CVE-2019-14383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14383"
}
],
"notes": [
{
"category": "general",
"text": "J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14383",
"url": "https://www.suse.com/security/cve/CVE-2019-14383"
},
{
"category": "external",
"summary": "SUSE Bug 1143584 for CVE-2019-14383",
"url": "https://bugzilla.suse.com/1143584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14383"
},
{
"cve": "CVE-2019-17113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17113"
}
],
"notes": [
{
"category": "general",
"text": "In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17113",
"url": "https://www.suse.com/security/cve/CVE-2019-17113"
},
{
"category": "external",
"summary": "SUSE Bug 1153102 for CVE-2019-17113",
"url": "https://bugzilla.suse.com/1153102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt-devel-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:libopenmpt0-32bit-0.5.11-1.2.x86_64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.aarch64",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.ppc64le",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.s390x",
"openSUSE Tumbleweed:openmpt123-0.5.11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17113"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…