CVE-2018-10017
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-10017
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10017.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-10017
- Downstream
- Related
- Published
- 2018-04-11T05:29:00Z
- Modified
- 2025-09-19T09:18:37.445992Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.
- References
Affected packages
Git / github.com/openmpt/openmpt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openmpt/openmpt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
ModPlugTracker-1.*
ModPlugTracker-1.16.206
ModPlugTracker-1.16.206-noMMX
ModplugWild-0.*
ModplugWild-0.00
ModplugWild-0.01
OpenMPT-1.*
OpenMPT-1.16.0213a
OpenMPT-1.16.0214a
OpenMPT-1.16.0215a
OpenMPT-1.17-RC0
OpenMPT-1.17-RC1
OpenMPT-1.17.02.41
OpenMPT-1.17.02.42
OpenMPT-1.17.02.43
OpenMPT-1.17.02.44
OpenMPT-1.17.02.45
OpenMPT-1.17.02.46
OpenMPT-1.17.02.47
OpenMPT-1.17.02.48
OpenMPT-1.17.02.49
OpenMPT-1.17.02.50
OpenMPT-1.17.02.51
OpenMPT-1.17.02.52
OpenMPT-1.17.03.02
OpenMPT-1.18.00.00
OpenMPT-1.18.02.00
OpenMPT-1.18.03.00
OpenMPT-1.19.01.00
OpenMPT-1.19.02.00
OpenMPT-1.20.01.00
OpenMPT-1.20.02.00
OpenMPT-1.20.03.00
OpenMPT-1.20.04.00
OpenMPT-1.21.01.00
OpenMPT-1.22.01.00
OpenMPT-1.22.02.00
OpenMPT-1.22.03.00
OpenMPT-1.22.04.00
OpenMPT-1.22.05.00
OpenMPT-1.23.01.00
OpenMPT-1.23.02.00
OpenMPT-1.23.03.00
OpenMPT-1.23.04.00
OpenMPT-1.23.05.00
OpenMPT-1.24.01.00
OpenMPT-1.24.02.00
OpenMPT-1.24.03.00
OpenMPT-1.24.04.00
OpenMPT-1.25.01.00
OpenMPT-1.25.02.00
OpenMPT-1.25.03.00
OpenMPT-1.25.04.00
OpenMPT-1.26.01.00
OpenMPT-1.26.02.00
OpenMPT-1.26.03.00
OpenMPT-1.26.04.00
libopenmpt-0.*
libopenmpt-0.2.3532-beta1
libopenmpt-0.2.3566-beta2
libopenmpt-0.2.3746-beta3
libopenmpt-0.2.3773-beta4
libopenmpt-0.2.4115-beta5
libopenmpt-0.2.4238-beta6
libopenmpt-0.2.4259-beta7
libopenmpt-0.2.4664-beta8
libopenmpt-0.2.4667-beta9
libopenmpt-0.2.4764-beta10
libopenmpt-0.2.4943-beta11
libopenmpt-0.2.4954-beta12
libopenmpt-0.2.5486-beta13
libopenmpt-0.2.5602-beta14
libopenmpt-0.2.5705-beta15
libopenmpt-0.2.5787-beta16
libopenmpt-0.2.6401-beta17
libopenmpt-0.2.6611-beta18
libopenmpt-0.2.6664-beta19
libopenmpt-0.2.6774-beta20
modplugxmms-1.*
modplugxmms-1.0.1
modplugxmms-1.1
modplugxmms-1.1.1
modplugxmms-1.2
modplugxmms-1.3
modplugxmms-1.3a
modplugxmms-1.5
Database specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "216037417499697353578779240638772842004",
"length": 24688.0
},
"id": "CVE-2018-10017-6abb7ce0",
"source": "https://github.com/openmpt/openmpt/commit/7ebf02af2e90f03e0dbd0e18b8b3164f372fb97c",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "soundlib/Snd_fx.cpp",
"function": "CSoundFile::GetLength"
},
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"325917953417791362975220896489095883225",
"253709592881847828482822399192097432058",
"325337853414273268223428616874770262766",
"265114425300270518893969925795053224428"
]
},
"id": "CVE-2018-10017-987b0bb9",
"source": "https://github.com/openmpt/openmpt/commit/7ebf02af2e90f03e0dbd0e18b8b3164f372fb97c",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "soundlib/Snd_fx.cpp"
},
"deprecated": false
}
]
}