{
  "schema_version": "1.7.0",
  "id": "MGASA-2024-0242",
  "published": "2024-06-28T02:41:31Z",
  "modified": "2024-06-28T02:19:55Z",
  "summary": "Updated libopenmpt packages fix security vulnerabilities",
  "details": "Possible out-of-bounds read or write when reading malformed MED files.\n(r19389).\n[Null-pointer write (32bit platforms) or excessive memory allocation\n(64bit platforms) when reading close to 4GiB of data from unseekable\nfiles (r20336, r20338).\nWrite buffer overflow when reading unseekable files close to 4GiB in\nsize (r20339).\n[Possible out-of-memory (32bit platforms) or excessive memory allocation\n(64bit platforms) when reading malformed data from unseekable files\n(r20340).\nDMF: Possible null-pointer write or excessive memory allocation when\nreading DMF files (r20323).\nPotential heap out-of-bounds read or write past sample end with\nmalformed sustain loops in SymMOD files (r20420).\nPotential heap out-of-bounds read with malformed Dynamic Studio DSm\nfiles (r20912).\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2024-0242.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=33333"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVQOQRGG6SYMGVWYOQWZ6D5URKRT4FKC/"
    },
    {
      "type": "WEB",
      "url": "https://lib.openmpt.org/libopenmpt/2023/06/18/security-updates-0.7.2-0.6.11-0.5.25-release-0.4.37/"
    },
    {
      "type": "WEB",
      "url": "https://lib.openmpt.org/libopenmpt/2024/03/17/security-updates-0.7.5-0.6.14-0.5.28-0.4.40/"
    },
    {
      "type": "WEB",
      "url": "https://lib.openmpt.org/libopenmpt/2024/03/24/security-updates-0.7.6-0.6.15-0.5.29-0.4.41/"
    },
    {
      "type": "WEB",
      "url": "https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "libopenmpt",
        "purl": "pkg:rpm/mageia/libopenmpt?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.8-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}