CVE-2022-34927

MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.

References

Affected packages

Git / github.com/milkytracker/milkytracker

Affected ranges

Type: GIT
Repo: https://github.com/milkytracker/milkytracker
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b

Affected versions

v0.*

v0.90.80

v0.90.85

v0.90.86

v1.*

v1.0.0

v1.01.00

v1.02.00

v1.03.00

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/milkytracker/milkytracker/commit/3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "92762678729644534731041799942737680000",
                "263997541143629577749552266977049635344",
                "224676694526586997915366558330786479696",
                "113720897472328604541739210501823761945"
            ]
        },
        "target": {
            "file": "src/milkyplay/LoaderXM.cpp"
        },
        "id": "CVE-2022-34927-2af757c9"
    },
    {
        "source": "https://github.com/milkytracker/milkytracker/commit/3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "154008910926743438524962085660973975776",
            "length": 16512.0
        },
        "target": {
            "file": "src/milkyplay/LoaderXM.cpp",
            "function": "LoaderXM::load"
        },
        "id": "CVE-2022-34927-cb042e6a"
    }
]