{"id":"CVE-2019-14524","details":"An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.","modified":"2026-04-11T08:55:59.372629Z","published":"2019-08-02T12:15:12.317Z","related":["openSUSE-SU-2019:1994-1","openSUSE-SU-2019:2019-1","openSUSE-SU-2024:11373-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html"},{"type":"ADVISORY","url":"https://github.com/schismtracker/schismtracker/releases/tag/20190805"},{"type":"REPORT","url":"https://github.com/schismtracker/schismtracker/issues/201"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/schismtracker/schismtracker","events":[{"introduced":"0"},{"last_affected":"10bd1b80cd556237ebc2a7bd8890b72523849c46"},{"fixed":"2bec16c06dd8217e9a13c0a11a8cffef056ba654"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20190722"}]}}],"versions":["20160521","20160913","20170420","20170910","20180209","20180513","20180810","20181223","20190614","20190722","deploy-test-1","deploy-test-2","deploy-test-3","deploy-test-4","hg-import","issue-175.0","issue-175.1","macosx-deploy-test"],"database_specific":{"vanir_signatures":[{"target":{"file":"fmt/mtm.c"},"signature_type":"Line","digest":{"line_hashes":["224055788049900540709427692689651661201","275930272063615827784692127744287583208","160960154854901102293228634199250200061","123549873775705913765956774013891154771","13313165472099101128433330569817398371","55856736214367538685431831480351812470","229716936099274747841883636138080302287","161110344584187560828581970612955282499","208086167321760982844594865909047492195","68266502516922298588855656691560064102","247412820218332113063109928122426004610","42939641534974008856493574042964664992","8801546335998364913974673681558108434","219381611494742201977818552885141022050","186899322944989209956665385294356561546"],"threshold":0.9},"source":"https://github.com/schismtracker/schismtracker/commit/2bec16c06dd8217e9a13c0a11a8cffef056ba654","signature_version":"v1","deprecated":false,"id":"CVE-2019-14524-8f209608"},{"target":{"function":"fmt_mtm_load_song","file":"fmt/mtm.c"},"signature_type":"Function","digest":{"length":4419,"function_hash":"265080868349810600778120886468204675936"},"source":"https://github.com/schismtracker/schismtracker/commit/2bec16c06dd8217e9a13c0a11a8cffef056ba654","signature_version":"v1","deprecated":false,"id":"CVE-2019-14524-a3aa1a43"}],"vanir_signatures_modified":"2026-04-11T08:55:59Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"sle-15-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"sle-15-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14524.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}