Buffer overflow vulnerability in libopenmpt_modplug.c in libopenmpt before 0.3.19 and 0.4.x before 0.4.9

CVE-2019-17113 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.

Learn more about our Cis Benchmark Audit For Ibm I.