ALT-PU-2022-2443-1
Package milkytracker updated to version 1.03.00-alt1_1 for branch p10 in task 305047.
Closed vulnerabilities
Published: 2019-07-31
Modified: 2024-11-21
CVE-2019-14464
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.
Severity (CVSS 2.0): MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity (CVSS 3.1): MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/milkytracker/MilkyTracker/issues/184
- https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXYRVXOPO223DAUJHFQCTKQHIZ6XN35P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBIIPS2CDMUXJ3CIEPKMEY3D73UZDR3T/
- https://usn.ubuntu.com/4499-1/
Published: 2019-08-01
Modified: 2024-11-21
CVE-2019-14496
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.
Severity (CVSS 2.0): MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity (CVSS 3.1): HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/milkytracker/MilkyTracker/issues/183
- https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html
- https://usn.ubuntu.com/4499-1/
Published: 2019-08-01
Modified: 2024-11-21
CVE-2019-14497
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.
Severity (CVSS 2.0): MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity (CVSS 3.1): HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/milkytracker/MilkyTracker/issues/182
- https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html
- https://usn.ubuntu.com/4499-1/
Published: 2020-07-06
Modified: 2024-11-21
CVE-2020-15569
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
Severity (CVSS 2.0): MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity (CVSS 3.1): MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
- https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html