Candidate: CVE-2018-6611
PublicDate: 2018-02-04 12:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6611
 https://github.com/OpenMPT/openmpt/commit/61fc6d3030a4d4283105cb5fb46b27b42fa5575e
 https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/
Description:
 soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before
 0.3.6, has an out-of-bounds read via a malformed STP file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889545
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libopenmpt:
upstream_libopenmpt: released (0.3.6-1)
precise/esm_libopenmpt: DNE
trusty_libopenmpt: DNE
trusty/esm_libopenmpt: DNE
xenial_libopenmpt: DNE
artful_libopenmpt: ignored (reached end-of-life)
bionic_libopenmpt: not-affected (0.3.6-1)
devel_libopenmpt: not-affected (0.3.6-1)