{"id":"CVE-2019-14380","details":"libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.","modified":"2026-04-10T04:14:49.404418Z","published":"2019-07-30T19:15:13.250Z","references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4729"},{"type":"FIX","url":"https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openmpt/openmpt","events":[{"introduced":"0"},{"fixed":"6ee79e32c7257ec8e9b18fce3f6b21ee5695a853"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.4.5"}]}}],"versions":["ModPlugTracker-1.16.206","ModplugWild-0.00","ModplugWild-0.01","OpenMPT-1.16.0213a","OpenMPT-1.16.0214a","OpenMPT-1.16.0215a","OpenMPT-1.17.02.41","OpenMPT-1.17.02.42","OpenMPT-1.17.02.43","OpenMPT-1.17.02.44","OpenMPT-1.17.02.45","OpenMPT-1.17.02.46","OpenMPT-1.17.02.47","OpenMPT-1.17.02.48","OpenMPT-1.17.02.49","OpenMPT-1.17.02.50","OpenMPT-1.17.02.51","OpenMPT-1.17.02.52","OpenMPT-1.17.03.02","OpenMPT-1.18.00.00","OpenMPT-1.18.02.00","OpenMPT-1.18.03.00","OpenMPT-1.19.01.00","OpenMPT-1.19.02.00","OpenMPT-1.20.01.00","OpenMPT-1.20.02.00","OpenMPT-1.20.03.00","OpenMPT-1.20.04.00","OpenMPT-1.21.01.00","OpenMPT-1.22.01.00","OpenMPT-1.22.02.00","OpenMPT-1.22.03.00","OpenMPT-1.22.04.00","OpenMPT-1.22.05.00","OpenMPT-1.23.01.00","OpenMPT-1.23.02.00","OpenMPT-1.23.03.00","OpenMPT-1.23.04.00","OpenMPT-1.23.05.00","OpenMPT-1.24.01.00","OpenMPT-1.24.02.00","OpenMPT-1.24.03.00","OpenMPT-1.24.04.00","OpenMPT-1.25.01.00","OpenMPT-1.25.02.00","OpenMPT-1.25.03.00","OpenMPT-1.25.04.00","OpenMPT-1.26.01.00","OpenMPT-1.26.02.00","OpenMPT-1.26.03.00","OpenMPT-1.26.04.00","OpenMPT-1.28.01.00","OpenMPT-1.28.02.00","OpenMPT-1.28.03.00","OpenMPT-1.28.04.00","OpenMPT-1.28.05.00","libopenmpt-0.2.3532-beta1","libopenmpt-0.2.3566-beta2","libopenmpt-0.2.3746-beta3","libopenmpt-0.2.3773-beta4","libopenmpt-0.2.4115-beta5","libopenmpt-0.2.4238-beta6","libopenmpt-0.2.4259-beta7","libopenmpt-0.2.4664-beta8","libopenmpt-0.2.4667-beta9","libopenmpt-0.2.4764-beta10","libopenmpt-0.2.4943-beta11","libopenmpt-0.2.4954-beta12","libopenmpt-0.2.5486-beta13","libopenmpt-0.2.5602-beta14","libopenmpt-0.2.5705-beta15","libopenmpt-0.2.5787-beta16","libopenmpt-0.2.6401-beta17","libopenmpt-0.2.6611-beta18","libopenmpt-0.2.6664-beta19","libopenmpt-0.2.6774-beta20","libopenmpt-0.4.0","libopenmpt-0.4.1","libopenmpt-0.4.2","libopenmpt-0.4.3","libopenmpt-0.4.4","modplugxmms-1.0.1","modplugxmms-1.1","modplugxmms-1.1.1","modplugxmms-1.2","modplugxmms-1.3","modplugxmms-1.3a","modplugxmms-1.5"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14380.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}