{"id":"CVE-2019-14523","details":"An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.","modified":"2026-04-11T08:55:59.109789Z","published":"2019-08-02T12:15:12.240Z","related":["openSUSE-SU-2019:1994-1","openSUSE-SU-2019:2019-1","openSUSE-SU-2024:11373-1"],"references":[{"type":"ADVISORY","url":"https://github.com/schismtracker/schismtracker/releases/tag/20190805"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-12"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html"},{"type":"REPORT","url":"https://github.com/schismtracker/schismtracker/issues/202"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/schismtracker/schismtracker","events":[{"introduced":"0"},{"last_affected":"10bd1b80cd556237ebc2a7bd8890b72523849c46"},{"fixed":"2bec16c06dd8217e9a13c0a11a8cffef056ba654"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20190722"}]}}],"versions":["20160521","20160913","20170420","20170910","20180209","20180513","20180810","20181223","20190614","20190722","deploy-test-1","deploy-test-2","deploy-test-3","deploy-test-4","hg-import","issue-175.0","issue-175.1","macosx-deploy-test"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["224055788049900540709427692689651661201","275930272063615827784692127744287583208","160960154854901102293228634199250200061","123549873775705913765956774013891154771","13313165472099101128433330569817398371","55856736214367538685431831480351812470","229716936099274747841883636138080302287","161110344584187560828581970612955282499","208086167321760982844594865909047492195","68266502516922298588855656691560064102","247412820218332113063109928122426004610","42939641534974008856493574042964664992","8801546335998364913974673681558108434","219381611494742201977818552885141022050","186899322944989209956665385294356561546"]},"source":"https://github.com/schismtracker/schismtracker/commit/2bec16c06dd8217e9a13c0a11a8cffef056ba654","target":{"file":"fmt/mtm.c"},"id":"CVE-2019-14523-8f209608"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"265080868349810600778120886468204675936","length":4419},"source":"https://github.com/schismtracker/schismtracker/commit/2bec16c06dd8217e9a13c0a11a8cffef056ba654","target":{"file":"fmt/mtm.c","function":"fmt_mtm_load_song"},"id":"CVE-2019-14523-a3aa1a43"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14523.json","vanir_signatures_modified":"2026-04-11T08:55:59Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}