Description
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Mitigation, Patch, Third Party Advisory x_refsource_misc
https://github.com/milkytracker/MilkyTracker/issues/275
Patch, Third Party Advisory x_refsource_misc
https://github.com/milkytracker/MilkyTracker/commit/3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
milkytracker_project/milkytracker
1.03.00
Published
Aug 03, 2022
Tracked Since
Feb 18, 2026