
Debian: DLA-2292-1 Critical: MilkyTracker Buffer Overflow Issues

July 27, 2020
Several vulnerabilities were fixed in MilkyTracker, a music tracker for composing music in the MOD and XM module file formats.

Summary

CVE-2019-14464

Heap-based buffer overflow in XMFile::read

CVE-2019-14496

Stack-based buffer overflow in LoaderXM::load

CVE-2019-14497

Heap-based buffer overflow in ModuleEditor::convertInstrument

CVE-2020-15569

Use-after-free in the PlayerGeneric destructor

For Debian 9 stretch, these problems have been fixed in version
0.90.86+dfsg-2+deb9u1.

We recommend that you upgrade your milkytracker packages.
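
To check a package inventory against the fixed version above, the following added example (not part of the advisory) implements Debian's version ordering in Python; the host names and installed versions are constructed. On a Debian host itself, `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed version for Debian 9 stretch, taken from the advisory above.
FIXED = "0.90.86+dfsg-2+deb9u1"
DIGITS = "0123456789"

def _order(c):
    # Debian ordering: '~' sorts before everything (even end of string),
    # letters sort before all other non-digit characters.
    if c == "~":
        return -1
    if c == "" or c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        # Compare the non-digit prefixes character by character.
        while (a and a[0] not in DIGITS) or (b and b[0] not in DIGITS):
            d = _order(a[:1]) - _order(b[:1])
            if d:
                return d
            a, b = a[1:], b[1:]
        # Compare the numeric prefixes as integers (empty counts as 0).
        na, nb = (re.match(r"[0-9]*", s).group() for s in (a, b))
        d = int(na or 0) - int(nb or 0)
        if d:
            return d
        a, b = a[len(na):], b[len(nb):]
    return 0

def _split(v):
    epoch, sep, rest = v.partition(":")
    if not sep:                      # no epoch given
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:                      # native package, no Debian revision
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def vulnerable_hosts(inventory):
    """Return hosts whose milkytracker version sorts before FIXED."""
    return sorted(h for h, v in inventory.items() if compare(v, FIXED) < 0)

# Constructed inventory of Debian 9 hosts (names and versions are made up).
INVENTORY = {"studio-01": "0.90.86+dfsg-2", "studio-02": "0.90.86+dfsg-2+deb9u1",
             "studio-03": "0.90.86+dfsg-2+deb9u1~bpo1"}
```

The fixed version applies to Debian 9 stretch only; other releases carry their own fixed versions, listed on the security tracker page.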

For the detailed security status of milkytracker please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/milkytracker

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity: critical

Package: milkytracker
Version: 0.90.86+dfsg-2+deb9u1
CVE ID: CVE-2019-14464 CVE-2019-14496 CVE-2019-14497 CVE-2020-15569
Debian Bug: 933964 964797
