Multiple vulnerabilities in libopenmpt



Published: 2018-04-29
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-10017
CVE-2018-11710
CWE-ID CWE-125
CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		libopenmpt
Universal components / Libraries / Libraries used by multiple products

Vendor libopenmpt

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU14209

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10017

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in soundlib/Snd_fx.cpp due to out-of-bounds read. A remote attacker can supply a specially crafted IT or MO3 file with many nested pattern loops and cause the service to crash.

Mitigation

Update to version 0.3.8.

Vulnerable software versions

libopenmpt: 0.3.4 - 0.3.7

External links

http://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU14210

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11710

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists in soundlib/pattern.h due to an invalid write near address 0 in an out-of-memory situation. A remote attacker can supply a specially crafted AMS file with many nested pattern loops and cause the service to crash or execute arbitrary code with elevated privileges.

Mitigation

Update to version 0.3.9.

Vulnerable software versions

libopenmpt: 0.3.4 - 0.3.8

External links

http://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###