CVE-2018-10017

EPSS 0.79%
Veröffentlicht 11.04.2018 05:29:00
Zuletzt bearbeitet 21.11.2024 03:40:41
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openmpt ≫ Libopenmpt Version < 0.3.8

Openmpt ≫ Openmpt Version < 1.27.07.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.717

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/OpenMPT/openmpt/commit/7ebf02af2e90f03e0dbd0e18b8b3164f372fb97c

Patch

Vendor Advisory

https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/

Patch

Vendor Advisory

https://openmpt.org/openmpt-1-27-07-00-released

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-10017

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10017

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10017

EUVD