CVE-2019-14523

Published: Aug 2, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.

Affected (1)

Products: Schismtracker: Schism Tracker

Schismtracker

1 product

Schism Tracker

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schismtracker Schism Tracker	Up to 20190722

Related CWEs

CWE-191

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (10)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://github.com/schismtracker/schismtracker/issues/202

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/schismtracker/schismtracker/releases/tag/20190805

Source: cve@mitre.org

Release Notes

https://security.gentoo.org/glsa/202107-12

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html