CVE-2019-17113

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17113
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17113.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-17113
Downstream
Related
Published
2019-10-04T00:15:10Z
Modified
2025-09-19T10:44:58.041017Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlugInstrumentName and ModPlugSampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.

References

Affected packages

Git / github.com/openmpt/openmpt

Affected ranges

Type
GIT
Repo
https://github.com/openmpt/openmpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
927688ddab43c2b203569de79407a899e734fabe

Affected versions

ModPlugTracker-1.*

ModPlugTracker-1.16.206
ModPlugTracker-1.16.206-noMMX

ModplugWild-0.*

ModplugWild-0.00
ModplugWild-0.01

OpenMPT-1.*

OpenMPT-1.16.0213a
OpenMPT-1.16.0214a
OpenMPT-1.16.0215a
OpenMPT-1.17-RC0
OpenMPT-1.17-RC1
OpenMPT-1.17.02.41
OpenMPT-1.17.02.42
OpenMPT-1.17.02.43
OpenMPT-1.17.02.44
OpenMPT-1.17.02.45
OpenMPT-1.17.02.46
OpenMPT-1.17.02.47
OpenMPT-1.17.02.48
OpenMPT-1.17.02.49
OpenMPT-1.17.02.50
OpenMPT-1.17.02.51
OpenMPT-1.17.02.52
OpenMPT-1.17.03.02
OpenMPT-1.18.00.00
OpenMPT-1.18.02.00
OpenMPT-1.18.03.00
OpenMPT-1.19.01.00
OpenMPT-1.19.02.00
OpenMPT-1.20.01.00
OpenMPT-1.20.02.00
OpenMPT-1.20.03.00
OpenMPT-1.20.04.00
OpenMPT-1.21.01.00
OpenMPT-1.22.01.00
OpenMPT-1.22.02.00
OpenMPT-1.22.03.00
OpenMPT-1.22.04.00
OpenMPT-1.22.05.00
OpenMPT-1.23.01.00
OpenMPT-1.23.02.00
OpenMPT-1.23.03.00
OpenMPT-1.23.04.00
OpenMPT-1.23.05.00
OpenMPT-1.24.01.00
OpenMPT-1.24.02.00
OpenMPT-1.24.03.00
OpenMPT-1.24.04.00
OpenMPT-1.25.01.00
OpenMPT-1.25.02.00
OpenMPT-1.25.03.00
OpenMPT-1.25.04.00
OpenMPT-1.26.01.00
OpenMPT-1.26.02.00
OpenMPT-1.26.03.00
OpenMPT-1.26.04.00

libopenmpt-0.*

libopenmpt-0.2.3532-beta1
libopenmpt-0.2.3566-beta2
libopenmpt-0.2.3746-beta3
libopenmpt-0.2.3773-beta4
libopenmpt-0.2.4115-beta5
libopenmpt-0.2.4238-beta6
libopenmpt-0.2.4259-beta7
libopenmpt-0.2.4664-beta8
libopenmpt-0.2.4667-beta9
libopenmpt-0.2.4764-beta10
libopenmpt-0.2.4943-beta11
libopenmpt-0.2.4954-beta12
libopenmpt-0.2.5486-beta13
libopenmpt-0.2.5602-beta14
libopenmpt-0.2.5705-beta15
libopenmpt-0.2.5787-beta16
libopenmpt-0.2.6401-beta17
libopenmpt-0.2.6611-beta18
libopenmpt-0.2.6664-beta19
libopenmpt-0.2.6774-beta20

modplugxmms-1.*

modplugxmms-1.0.1
modplugxmms-1.1
modplugxmms-1.1.1
modplugxmms-1.2
modplugxmms-1.3
modplugxmms-1.3a
modplugxmms-1.5

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-17113-5a94aeed",
            "signature_type": "Function",
            "digest": {
                "function_hash": "121755524753216487338359141637396621916",
                "length": 473.0
            },
            "target": {
                "file": "libopenmpt/libopenmpt_modplug.c",
                "function": "ModPlug_InstrumentName"
            },
            "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2019-17113-bbd7f97f",
            "signature_type": "Function",
            "digest": {
                "function_hash": "121755524753216487338359141637396621916",
                "length": 473.0
            },
            "target": {
                "file": "libopenmpt/libopenmpt_modplug.c",
                "function": "ModPlug_SampleName"
            },
            "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2019-17113-eded99ba",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "15137006520975798157982784244436761769",
                    "319389042533568327372435745783798155690",
                    "175834122122421528935573979794879080078",
                    "85364868019126665323402967274050095718",
                    "162400446700791913887172407436624711760",
                    "171011490955096401468748371273866307010",
                    "86847947984317825780275639008358727743",
                    "125550102577571298604477066842723049840",
                    "183386591737951785450419093791505420657",
                    "243370328090283218716606685253546050524",
                    "235379790053459614316703527585808047537",
                    "122712867289023105350235613275155602080",
                    "298754661009136765841563697397390699555",
                    "227660598147743686660358009170027107794",
                    "225248469356832048749570511144260614254",
                    "197760849521062645755736383200098900124",
                    "216776309499977154594826668785968714047",
                    "57402251777980842054746115043937670337",
                    "85112477388076416240474858858843276408",
                    "193490365458804488790333101785733560541",
                    "34598925870867036267172285085294918978",
                    "124755474886407313515562343845084252101",
                    "305933534732701961008918986389267564390",
                    "304514908366703821864521344822901408793",
                    "59597573422709497756534687158413216566",
                    "10797416068852790919131841970650081501",
                    "319389042533568327372435745783798155690",
                    "175834122122421528935573979794879080078",
                    "204747611659904489742088010871220091216",
                    "245645347122837255285311110879305879482",
                    "51371068763528817040834630186361852604",
                    "132035236986210325750630829231183976551",
                    "125550102577571298604477066842723049840",
                    "183386591737951785450419093791505420657",
                    "243370328090283218716606685253546050524",
                    "235379790053459614316703527585808047537",
                    "122712867289023105350235613275155602080",
                    "298754661009136765841563697397390699555",
                    "227660598147743686660358009170027107794",
                    "225248469356832048749570511144260614254",
                    "197760849521062645755736383200098900124",
                    "216776309499977154594826668785968714047",
                    "57402251777980842054746115043937670337",
                    "85112477388076416240474858858843276408",
                    "193490365458804488790333101785733560541",
                    "34598925870867036267172285085294918978",
                    "124755474886407313515562343845084252101",
                    "36934497310234139229315131065946725217",
                    "171873332723303613762487247958910790674"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "libopenmpt/libopenmpt_modplug.c"
            },
            "source": "https://github.com/openmpt/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe",
            "signature_version": "v1",
            "deprecated": false
        }
    ]
}