CVE-2018-6611

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6611

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6611.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6611

Downstream

DEBIAN-CVE-2018-6611

UBUNTU-CVE-2018-6611

Published

2018-02-04T12:29:00.317Z

Modified

2025-11-20T10:52:17.173432Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

References

Affected packages

Git / github.com/openmpt/openmpt

Affected ranges

Type: GIT
Repo: https://github.com/openmpt/openmpt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b60b322cf9f0ffa624018f1bb9783edf0dc908c3

Affected versions

ModPlugTracker-1.*

ModPlugTracker-1.16.206

ModPlugTracker-1.16.206-noMMX

ModplugWild-0.*

ModplugWild-0.00

ModplugWild-0.01

OpenMPT-1.*

OpenMPT-1.16.0213a

OpenMPT-1.16.0214a

OpenMPT-1.16.0215a

OpenMPT-1.17-RC0

OpenMPT-1.17-RC1

OpenMPT-1.17.02.41

OpenMPT-1.17.02.42

OpenMPT-1.17.02.43

OpenMPT-1.17.02.44

OpenMPT-1.17.02.45

OpenMPT-1.17.02.46

OpenMPT-1.17.02.47

OpenMPT-1.17.02.48

OpenMPT-1.17.02.49

OpenMPT-1.17.02.50

OpenMPT-1.17.02.51

OpenMPT-1.17.02.52

OpenMPT-1.17.03.02

OpenMPT-1.18.00.00

OpenMPT-1.18.02.00

OpenMPT-1.18.03.00

OpenMPT-1.19.01.00

OpenMPT-1.19.02.00

OpenMPT-1.20.01.00

OpenMPT-1.20.02.00

OpenMPT-1.20.03.00

OpenMPT-1.20.04.00

OpenMPT-1.21.01.00

OpenMPT-1.22.01.00

OpenMPT-1.22.02.00

OpenMPT-1.22.03.00

OpenMPT-1.22.04.00

OpenMPT-1.22.05.00

OpenMPT-1.23.01.00

OpenMPT-1.23.02.00

OpenMPT-1.23.03.00

OpenMPT-1.23.04.00

OpenMPT-1.23.05.00

OpenMPT-1.24.01.00

OpenMPT-1.24.02.00

OpenMPT-1.24.03.00

OpenMPT-1.24.04.00

OpenMPT-1.25.01.00

OpenMPT-1.25.02.00

OpenMPT-1.25.03.00

OpenMPT-1.25.04.00

OpenMPT-1.26.01.00

OpenMPT-1.26.02.00

OpenMPT-1.26.03.00

OpenMPT-1.26.04.00

OpenMPT-1.27.01.00

OpenMPT-1.27.02.00

OpenMPT-1.27.03.00

OpenMPT-1.27.04.00

libopenmpt-0.*

libopenmpt-0.2.3532-beta1

libopenmpt-0.2.3566-beta2

libopenmpt-0.2.3746-beta3

libopenmpt-0.2.3773-beta4

libopenmpt-0.2.4115-beta5

libopenmpt-0.2.4238-beta6

libopenmpt-0.2.4259-beta7

libopenmpt-0.2.4664-beta8

libopenmpt-0.2.4667-beta9

libopenmpt-0.2.4764-beta10

libopenmpt-0.2.4943-beta11

libopenmpt-0.2.4954-beta12

libopenmpt-0.2.5486-beta13

libopenmpt-0.2.5602-beta14

libopenmpt-0.2.5705-beta15

libopenmpt-0.2.5787-beta16

libopenmpt-0.2.6401-beta17

libopenmpt-0.2.6611-beta18

libopenmpt-0.2.6664-beta19

libopenmpt-0.2.6774-beta20

libopenmpt-0.3.0

libopenmpt-0.3.0-rc.1

libopenmpt-0.3.1

libopenmpt-0.3.2

libopenmpt-0.3.3

libopenmpt-0.3.4

libopenmpt-0.3.5

modplugxmms-1.*

modplugxmms-1.0.1

modplugxmms-1.1

modplugxmms-1.1.1

modplugxmms-1.2

modplugxmms-1.3

modplugxmms-1.3a

modplugxmms-1.5

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 591.0,
            "function_hash": "285002956042251184974220200022142455060"
        },
        "id": "CVE-2018-6611-01f0de28",
        "source": "https://github.com/openmpt/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3",
        "signature_type": "Function",
        "target": {
            "file": "soundlib/Load_stp.cpp",
            "function": "ConvertLoopSlice"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297710677419245212131952001826140316650",
                "187962768218808492300639041313916917687",
                "316832560482771585903899525570195167118",
                "333727956903769463456518075370466577237",
                "134673475192092300941735860659542097866",
                "143098810824130160455340450181748995051",
                "136004786687530675257082471708548503231",
                "161226604774195134357132948497249250430",
                "230161709490492119606610658159062393096",
                "66096360605058890063089954935876614904"
            ]
        },
        "id": "CVE-2018-6611-87a22402",
        "source": "https://github.com/openmpt/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3",
        "signature_type": "Line",
        "target": {
            "file": "soundlib/Load_stp.cpp"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 1035.0,
            "function_hash": "172267784049998551964186325814651537686"
        },
        "id": "CVE-2018-6611-e49fb077",
        "source": "https://github.com/openmpt/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3",
        "signature_type": "Function",
        "target": {
            "file": "soundlib/Load_stp.cpp",
            "function": "ConvertLoopSequence"
        },
        "signature_version": "v1",
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6611.json"