CVE-2018-11710
HIGHlibopenmpt < 0.3.9 - Out-of-bounds Write via Crafted AMS File
Title source: llmDescription
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
References (2)
Core 2
Core References
Patch, Release Notes x_refsource_confirm
https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/
Vendor Advisory x_refsource_confirm
https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150
Scores
CVSS v3
8.8
EPSS
0.0207
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
openmpt/libopenmpt
< 0.3.9
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026