CVE-2019-17113

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17113
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17113.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17113
Downstream
Related
Published
2019-10-04T00:15:10Z
Modified
2025-10-21T04:53:19.354594Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlugInstrumentName and ModPlugSampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.

References

Affected packages

Git / github.com/openmpt/openmpt

Affected ranges

Type
GIT
Repo
https://github.com/openmpt/openmpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
927688ddab43c2b203569de79407a899e734fabe

Affected versions

ModPlugTracker-1.*

ModPlugTracker-1.16.206
ModPlugTracker-1.16.206-noMMX

ModplugWild-0.*

ModplugWild-0.00
ModplugWild-0.01

OpenMPT-1.*

OpenMPT-1.16.0213a
OpenMPT-1.16.0214a
OpenMPT-1.16.0215a
OpenMPT-1.17-RC0
OpenMPT-1.17-RC1
OpenMPT-1.17.02.41
OpenMPT-1.17.02.42
OpenMPT-1.17.02.43
OpenMPT-1.17.02.44
OpenMPT-1.17.02.45
OpenMPT-1.17.02.46
OpenMPT-1.17.02.47
OpenMPT-1.17.02.48
OpenMPT-1.17.02.49
OpenMPT-1.17.02.50
OpenMPT-1.17.02.51
OpenMPT-1.17.02.52
OpenMPT-1.17.03.02
OpenMPT-1.18.00.00
OpenMPT-1.18.02.00
OpenMPT-1.18.03.00
OpenMPT-1.19.01.00
OpenMPT-1.19.02.00
OpenMPT-1.20.01.00
OpenMPT-1.20.02.00
OpenMPT-1.20.03.00
OpenMPT-1.20.04.00
OpenMPT-1.21.01.00
OpenMPT-1.22.01.00
OpenMPT-1.22.02.00
OpenMPT-1.22.03.00
OpenMPT-1.22.04.00
OpenMPT-1.22.05.00
OpenMPT-1.23.01.00
OpenMPT-1.23.02.00
OpenMPT-1.23.03.00
OpenMPT-1.23.04.00
OpenMPT-1.23.05.00
OpenMPT-1.24.01.00
OpenMPT-1.24.02.00
OpenMPT-1.24.03.00
OpenMPT-1.24.04.00
OpenMPT-1.25.01.00
OpenMPT-1.25.02.00
OpenMPT-1.25.03.00
OpenMPT-1.25.04.00
OpenMPT-1.26.01.00
OpenMPT-1.26.02.00
OpenMPT-1.26.03.00
OpenMPT-1.26.04.00

libopenmpt-0.*

libopenmpt-0.2.3532-beta1
libopenmpt-0.2.3566-beta2
libopenmpt-0.2.3746-beta3
libopenmpt-0.2.3773-beta4
libopenmpt-0.2.4115-beta5
libopenmpt-0.2.4238-beta6
libopenmpt-0.2.4259-beta7
libopenmpt-0.2.4664-beta8
libopenmpt-0.2.4667-beta9
libopenmpt-0.2.4764-beta10
libopenmpt-0.2.4943-beta11
libopenmpt-0.2.4954-beta12
libopenmpt-0.2.5486-beta13
libopenmpt-0.2.5602-beta14
libopenmpt-0.2.5705-beta15
libopenmpt-0.2.5787-beta16
libopenmpt-0.2.6401-beta17
libopenmpt-0.2.6611-beta18
libopenmpt-0.2.6664-beta19
libopenmpt-0.2.6774-beta20

modplugxmms-1.*

modplugxmms-1.0.1
modplugxmms-1.1
modplugxmms-1.1.1
modplugxmms-1.2
modplugxmms-1.3
modplugxmms-1.3a
modplugxmms-1.5

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
        "id": "CVE-2019-17113-5a94aeed",
        "deprecated": false,
        "target": {
            "function": "ModPlug_InstrumentName",
            "file": "libopenmpt/libopenmpt_modplug.c"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 473.0,
            "function_hash": "121755524753216487338359141637396621916"
        }
    },
    {
        "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
        "id": "CVE-2019-17113-bbd7f97f",
        "deprecated": false,
        "target": {
            "function": "ModPlug_SampleName",
            "file": "libopenmpt/libopenmpt_modplug.c"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 473.0,
            "function_hash": "121755524753216487338359141637396621916"
        }
    },
    {
        "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
        "id": "CVE-2019-17113-eded99ba",
        "deprecated": false,
        "target": {
            "file": "libopenmpt/libopenmpt_modplug.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "15137006520975798157982784244436761769",
                "319389042533568327372435745783798155690",
                "175834122122421528935573979794879080078",
                "85364868019126665323402967274050095718",
                "162400446700791913887172407436624711760",
                "171011490955096401468748371273866307010",
                "86847947984317825780275639008358727743",
                "125550102577571298604477066842723049840",
                "183386591737951785450419093791505420657",
                "243370328090283218716606685253546050524",
                "235379790053459614316703527585808047537",
                "122712867289023105350235613275155602080",
                "298754661009136765841563697397390699555",
                "227660598147743686660358009170027107794",
                "225248469356832048749570511144260614254",
                "197760849521062645755736383200098900124",
                "216776309499977154594826668785968714047",
                "57402251777980842054746115043937670337",
                "85112477388076416240474858858843276408",
                "193490365458804488790333101785733560541",
                "34598925870867036267172285085294918978",
                "124755474886407313515562343845084252101",
                "305933534732701961008918986389267564390",
                "304514908366703821864521344822901408793",
                "59597573422709497756534687158413216566",
                "10797416068852790919131841970650081501",
                "319389042533568327372435745783798155690",
                "175834122122421528935573979794879080078",
                "204747611659904489742088010871220091216",
                "245645347122837255285311110879305879482",
                "51371068763528817040834630186361852604",
                "132035236986210325750630829231183976551",
                "125550102577571298604477066842723049840",
                "183386591737951785450419093791505420657",
                "243370328090283218716606685253546050524",
                "235379790053459614316703527585808047537",
                "122712867289023105350235613275155602080",
                "298754661009136765841563697397390699555",
                "227660598147743686660358009170027107794",
                "225248469356832048749570511144260614254",
                "197760849521062645755736383200098900124",
                "216776309499977154594826668785968714047",
                "57402251777980842054746115043937670337",
                "85112477388076416240474858858843276408",
                "193490365458804488790333101785733560541",
                "34598925870867036267172285085294918978",
                "124755474886407313515562343845084252101",
                "36934497310234139229315131065946725217",
                "171873332723303613762487247958910790674"
            ]
        }
    }
]