{"id":"CVE-2017-11311","details":"soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.","modified":"2026-04-11T12:03:45.639297Z","published":"2017-07-17T13:18:20.030Z","related":["openSUSE-SU-2024:10965-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:openmpt:libopenmpt:*:beta25:*:*:*:*:*:*","extracted_events":[{"last_affected":"0.2.8414"}],"source":"CPE_FIELD"}]},"references":[{"type":"FIX","url":"https://bugs.debian.org/867579"},{"type":"FIX","url":"https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"},{"type":"FIX","url":"https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438"},{"type":"FIX","url":"https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openmpt/openmpt","events":[{"introduced":"0"},{"last_affected":"d5aaa0db13dbc492f6f03dcdcdfdf0f8e67c7d4d"}],"database_specific":{"cpe":"cpe:2.3:a:openmpt:openmpt:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.26.12.00"}],"source":"CPE_FIELD"}}],"versions":["ModPlugTracker-1.16.206","ModplugWild-0.00","ModplugWild-0.01","OpenMPT-1.16.0213a","OpenMPT-1.16.0214a","OpenMPT-1.16.0215a","OpenMPT-1.17.02.41","OpenMPT-1.17.02.42","OpenMPT-1.17.02.43","OpenMPT-1.17.02.44","OpenMPT-1.17.02.45","OpenMPT-1.17.02.46","OpenMPT-1.17.02.47","OpenMPT-1.17.02.48","OpenMPT-1.17.02.49","OpenMPT-1.17.02.50","OpenMPT-1.17.02.51","OpenMPT-1.17.02.52","OpenMPT-1.17.03.02","OpenMPT-1.18.00.00","OpenMPT-1.18.02.00","OpenMPT-1.18.03.00","OpenMPT-1.19.01.00","OpenMPT-1.19.02.00","OpenMPT-1.20.01.00","OpenMPT-1.20.02.00","OpenMPT-1.20.03.00","OpenMPT-1.20.04.00","OpenMPT-1.21.01.00","OpenMPT-1.22.01.00","OpenMPT-1.22.02.00","OpenMPT-1.22.03.00","OpenMPT-1.22.04.00","OpenMPT-1.22.05.00","OpenMPT-1.23.01.00","OpenMPT-1.23.02.00","OpenMPT-1.23.03.00","OpenMPT-1.23.04.00","OpenMPT-1.23.05.00","OpenMPT-1.24.01.00","OpenMPT-1.24.02.00","OpenMPT-1.24.03.00","OpenMPT-1.24.04.00","OpenMPT-1.25.01.00","OpenMPT-1.25.02.00","OpenMPT-1.25.03.00","OpenMPT-1.25.04.00","OpenMPT-1.26.01.00","OpenMPT-1.26.02.00","OpenMPT-1.26.03.00","OpenMPT-1.26.04.00","OpenMPT-1.26.05.00","OpenMPT-1.26.06.00","OpenMPT-1.26.07.00","OpenMPT-1.26.08.00","OpenMPT-1.26.09.00","OpenMPT-1.26.10.00","OpenMPT-1.26.11.00","OpenMPT-1.26.12.00","libopenmpt-0.2.3532-beta1","libopenmpt-0.2.3566-beta2","libopenmpt-0.2.3746-beta3","libopenmpt-0.2.3773-beta4","libopenmpt-0.2.4115-beta5","libopenmpt-0.2.4238-beta6","libopenmpt-0.2.4259-beta7","libopenmpt-0.2.4664-beta8","libopenmpt-0.2.4667-beta9","libopenmpt-0.2.4764-beta10","libopenmpt-0.2.4943-beta11","libopenmpt-0.2.4954-beta12","libopenmpt-0.2.5486-beta13","libopenmpt-0.2.5602-beta14","libopenmpt-0.2.5705-beta15","libopenmpt-0.2.5787-beta16","libopenmpt-0.2.6401-beta17","libopenmpt-0.2.6611-beta18","libopenmpt-0.2.6664-beta19","libopenmpt-0.2.6774-beta20","libopenmpt-0.2.7025-beta20.1","libopenmpt-0.2.7299-beta20.2","libopenmpt-0.2.7386-beta20.3","libopenmpt-0.2.7559-beta20.4","libopenmpt-0.2.7561-beta20.5","libopenmpt-0.2.7774-beta22","libopenmpt-0.2.8043-beta23","libopenmpt-0.2.8190-beta24","modplugxmms-1.0.1","modplugxmms-1.1","modplugxmms-1.1.1","modplugxmms-1.2","modplugxmms-1.3","modplugxmms-1.3a","modplugxmms-1.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11311.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}