Candidate: CVE-2018-11710
PublicDate: 2018-06-04 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11710
 https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/
 https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150
Description:
 soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to
 cause a denial of service (application crash) or possibly have unspecified
 other impact via a crafted AMS file because of an invalid write near
 address 0 in an out-of-memory situation.
Ubuntu-Description:
 It was discovered that OpenMPT incorrectly handled certain files. A remote
 attacker could possibly use this issue to cause a denial of service or other
 unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libopenmpt:
upstream_libopenmpt: released (0.3.9-1)
precise/esm_libopenmpt: DNE
trusty_libopenmpt: DNE
trusty/esm_libopenmpt: DNE
xenial_libopenmpt: DNE
artful_libopenmpt: ignored (reached end-of-life)
bionic_libopenmpt: needed
cosmic_libopenmpt: not-affected (0.3.9-1)
disco_libopenmpt: not-affected (0.3.9-1)
eoan_libopenmpt: not-affected (0.3.9-1)
focal_libopenmpt: not-affected (0.3.9-1)
groovy_libopenmpt: not-affected (0.3.9-1)
hirsute_libopenmpt: not-affected (0.3.9-1)
impish_libopenmpt: not-affected (0.3.9-1)
jammy_libopenmpt: not-affected (0.3.9-1)
devel_libopenmpt: not-affected (0.3.9-1)