MidnightBSD

Advisories for milkytracker_project

CVE-2019-14464 MEDIUM

XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 16.04
milkytracker_project milkytracker 1.02.00
fedoraproject fedora 31
fedoraproject fedora 30
CVE-2019-14496 MEDIUM

LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 16.04
milkytracker_project milkytracker 1.02.00
CVE-2019-14497 MEDIUM

ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 16.04
milkytracker_project milkytracker 1.02.00
CVE-2020-15569 MEDIUM

PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 9.0
milkytracker_project milkytracker *
CVE-2022-34927

MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
milkytracker_project milkytracker 1.03.00