CVE-2018-6611

Опубликовано: 04 фев. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

Ссылки

https://github.com/OpenMPT/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3
Patch
Vendor Advisory
https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/
Patch
Release Notes
Vendor Advisory
https://github.com/OpenMPT/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3
Patch
Vendor Advisory
https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/
Patch
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openmpt:libopenmpt:*:*:*:*:*:*:*:*

Версия до 0.3.6 (исключая)

cpe:2.3:a:openmpt:openmpt:*:*:*:*:*:*:*:*

Версия до 1.27.04.00 (включая)

EPSS

Процентиль: 60%

0.00396

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-6611

CVSS3: 8.8

ubuntu

около 8 лет назад

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

CVE-2018-6611

CVSS3: 8.8

debian

около 8 лет назад

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt be ...

GHSA-mf9g-r3m3-53j9

CVSS3: 8.8

github

больше 3 лет назад

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

EPSS

Процентиль: 60%

0.00396

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125