CVE-2019-17113

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-17113
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17113.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17113
Downstream
Related
Published
2019-10-04T00:15:10.747Z
Modified
2026-03-10T22:25:29.793175Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlugInstrumentName and ModPlugSampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.

References

Affected packages

Git / github.com/openmpt/openmpt

Affected ranges

Type
GIT
Repo
https://github.com/openmpt/openmpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
611291880dc20cfd2e062f2302d884b5f0511e6a
Introduced
0e1ea9bc11bd585dc76d4ce3d85c2ef19eb0e970
Fixed
4f09ffc84b9a1daac058c283c4d4051ccc1712b1
Fixed
927688ddab43c2b203569de79407a899e734fabe
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.3.19"
        },
        {
            "introduced": "0.4.0"
        },
        {
            "fixed": "0.4.9"
        }
    ]
}

Affected versions

OpenMPT-1.*
OpenMPT-1.28.02.00
OpenMPT-1.28.03.00
OpenMPT-1.28.04.00
OpenMPT-1.28.05.00
OpenMPT-1.28.06.00
OpenMPT-1.28.07.00
libopenmpt-0.*
libopenmpt-0.4.0
libopenmpt-0.4.1
libopenmpt-0.4.2
libopenmpt-0.4.3
libopenmpt-0.4.4
libopenmpt-0.4.5
libopenmpt-0.4.6
libopenmpt-0.4.7
libopenmpt-0.4.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17113.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "121755524753216487338359141637396621916",
            "length": 473.0
        },
        "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
        "signature_type": "Function",
        "id": "CVE-2019-17113-5a94aeed",
        "target": {
            "file": "libopenmpt/libopenmpt_modplug.c",
            "function": "ModPlug_InstrumentName"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "121755524753216487338359141637396621916",
            "length": 473.0
        },
        "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
        "signature_type": "Function",
        "id": "CVE-2019-17113-bbd7f97f",
        "target": {
            "file": "libopenmpt/libopenmpt_modplug.c",
            "function": "ModPlug_SampleName"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "15137006520975798157982784244436761769",
                "319389042533568327372435745783798155690",
                "175834122122421528935573979794879080078",
                "85364868019126665323402967274050095718",
                "162400446700791913887172407436624711760",
                "171011490955096401468748371273866307010",
                "86847947984317825780275639008358727743",
                "125550102577571298604477066842723049840",
                "183386591737951785450419093791505420657",
                "243370328090283218716606685253546050524",
                "235379790053459614316703527585808047537",
                "122712867289023105350235613275155602080",
                "298754661009136765841563697397390699555",
                "227660598147743686660358009170027107794",
                "225248469356832048749570511144260614254",
                "197760849521062645755736383200098900124",
                "216776309499977154594826668785968714047",
                "57402251777980842054746115043937670337",
                "85112477388076416240474858858843276408",
                "193490365458804488790333101785733560541",
                "34598925870867036267172285085294918978",
                "124755474886407313515562343845084252101",
                "305933534732701961008918986389267564390",
                "304514908366703821864521344822901408793",
                "59597573422709497756534687158413216566",
                "10797416068852790919131841970650081501",
                "319389042533568327372435745783798155690",
                "175834122122421528935573979794879080078",
                "204747611659904489742088010871220091216",
                "245645347122837255285311110879305879482",
                "51371068763528817040834630186361852604",
                "132035236986210325750630829231183976551",
                "125550102577571298604477066842723049840",
                "183386591737951785450419093791505420657",
                "243370328090283218716606685253546050524",
                "235379790053459614316703527585808047537",
                "122712867289023105350235613275155602080",
                "298754661009136765841563697397390699555",
                "227660598147743686660358009170027107794",
                "225248469356832048749570511144260614254",
                "197760849521062645755736383200098900124",
                "216776309499977154594826668785968714047",
                "57402251777980842054746115043937670337",
                "85112477388076416240474858858843276408",
                "193490365458804488790333101785733560541",
                "34598925870867036267172285085294918978",
                "124755474886407313515562343845084252101",
                "36934497310234139229315131065946725217",
                "171873332723303613762487247958910790674"
            ]
        },
        "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
        "signature_type": "Line",
        "id": "CVE-2019-17113-eded99ba",
        "target": {
            "file": "libopenmpt/libopenmpt_modplug.c"
        }
    }
]