CVE-2017-11311
CVE-2017-11311 is a vulnerability of currently unknown severity. soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. EPSS estimates a 1.68% chance of exploitation in the next 30 days.
Description
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Openmpt | Libopenmpt | <= 0.2.8414 | Beta25 |
| Openmpt | Openmpt | <= 1.26.12.00 | — |
References
- https://bugs.debian.org/867579 (Issue Tracking, Patch, Third Party Advisory)
- https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html (Patch, Vendor Advisory)
- https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438 (Issue Tracking, Patch, Third Party Advisory)
- https://source.openmpt.org/browse/openmpt/trunk/?rev=6800 (Issue Tracking, Patch, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
