{"id":"CVE-2018-20860","details":"libopenmpt before 0.3.13 allows a crash with malformed MED files.","modified":"2026-04-11T12:08:47.947959Z","published":"2019-07-30T19:15:13.030Z","related":["SUSE-SU-2019:2435-1","openSUSE-SU-2019:2212-1","openSUSE-SU-2019:2213-1","openSUSE-SU-2024:10965-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.1"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00084.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00085.html"},{"type":"FIX","url":"https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openmpt/openmpt","events":[{"introduced":"0"},{"fixed":"b9c015ee60c0a2bb8310762a643f5dfc4f3f980c"}],"database_specific":{"cpe":"cpe:2.3:a:openmpt:libopenmpt:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"0.3.13"}],"source":"CPE_FIELD"}}],"versions":["ModPlugTracker-1.16.206","ModplugWild-0.00","ModplugWild-0.01","OpenMPT-1.16.0213a","OpenMPT-1.16.0214a","OpenMPT-1.16.0215a","OpenMPT-1.17.02.41","OpenMPT-1.17.02.42","OpenMPT-1.17.02.43","OpenMPT-1.17.02.44","OpenMPT-1.17.02.45","OpenMPT-1.17.02.46","OpenMPT-1.17.02.47","OpenMPT-1.17.02.48","OpenMPT-1.17.02.49","OpenMPT-1.17.02.50","OpenMPT-1.17.02.51","OpenMPT-1.17.02.52","OpenMPT-1.17.03.02","OpenMPT-1.18.00.00","OpenMPT-1.18.02.00","OpenMPT-1.18.03.00","OpenMPT-1.19.01.00","OpenMPT-1.19.02.00","OpenMPT-1.20.01.00","OpenMPT-1.20.02.00","OpenMPT-1.20.03.00","OpenMPT-1.20.04.00","OpenMPT-1.21.01.00","OpenMPT-1.22.01.00","OpenMPT-1.22.02.00","OpenMPT-1.22.03.00","OpenMPT-1.22.04.00","OpenMPT-1.22.05.00","OpenMPT-1.23.01.00","OpenMPT-1.23.02.00","OpenMPT-1.23.03.00","OpenMPT-1.23.04.00","OpenMPT-1.23.05.00","OpenMPT-1.24.01.00","OpenMPT-1.24.02.00","OpenMPT-1.24.03.00","OpenMPT-1.24.04.00","OpenMPT-1.25.01.00","OpenMPT-1.25.02.00","OpenMPT-1.25.03.00","OpenMPT-1.25.04.00","OpenMPT-1.26.01.00","OpenMPT-1.26.02.00","OpenMPT-1.26.03.00","OpenMPT-1.26.04.00","OpenMPT-1.27.01.00","OpenMPT-1.27.02.00","OpenMPT-1.27.03.00","OpenMPT-1.27.04.00","OpenMPT-1.27.05.00","OpenMPT-1.27.06.00","OpenMPT-1.27.07.00","OpenMPT-1.27.08.00","OpenMPT-1.27.09.00","OpenMPT-1.27.10.00","libopenmpt-0.2.3532-beta1","libopenmpt-0.2.3566-beta2","libopenmpt-0.2.3746-beta3","libopenmpt-0.2.3773-beta4","libopenmpt-0.2.4115-beta5","libopenmpt-0.2.4238-beta6","libopenmpt-0.2.4259-beta7","libopenmpt-0.2.4664-beta8","libopenmpt-0.2.4667-beta9","libopenmpt-0.2.4764-beta10","libopenmpt-0.2.4943-beta11","libopenmpt-0.2.4954-beta12","libopenmpt-0.2.5486-beta13","libopenmpt-0.2.5602-beta14","libopenmpt-0.2.5705-beta15","libopenmpt-0.2.5787-beta16","libopenmpt-0.2.6401-beta17","libopenmpt-0.2.6611-beta18","libopenmpt-0.2.6664-beta19","libopenmpt-0.2.6774-beta20","libopenmpt-0.3.0","libopenmpt-0.3.0-rc.1","libopenmpt-0.3.1","libopenmpt-0.3.10","libopenmpt-0.3.11","libopenmpt-0.3.12","libopenmpt-0.3.2","libopenmpt-0.3.3","libopenmpt-0.3.4","libopenmpt-0.3.5","libopenmpt-0.3.6","libopenmpt-0.3.7","libopenmpt-0.3.8","libopenmpt-0.3.9","modplugxmms-1.0.1","modplugxmms-1.1","modplugxmms-1.1.1","modplugxmms-1.2","modplugxmms-1.3","modplugxmms-1.3a","modplugxmms-1.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20860.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}