Vulnerabilities > CVE-2019-14383 - Reachable Assertion vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

openmpt

opensuse

CWE-617

nessus

NVD

Published: 2019-07-30

Updated: 2023-03-03

Summary

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.

Vulnerable Configurations

Part	Description	Count
Application	Openmpt Openmpt Libopenmpt 0.2.3532 Openmpt Libopenmpt 0.2.3566 Openmpt Libopenmpt 0.2.3746 Openmpt Libopenmpt 0.2.3773 Openmpt Libopenmpt 0.2.4115 Openmpt Libopenmpt 0.2.4238 Openmpt Libopenmpt 0.2.4259 Openmpt Libopenmpt 0.2.4664 Openmpt Libopenmpt 0.2.4667 Openmpt Libopenmpt 0.2.4764 Openmpt Libopenmpt 0.2.4943 Openmpt Libopenmpt 0.2.4954 Openmpt Libopenmpt 0.2.5486 Openmpt Libopenmpt 0.2.5602 Openmpt Libopenmpt 0.2.5705 Openmpt Libopenmpt 0.2.5787 Openmpt Libopenmpt 0.2.6401 Openmpt Libopenmpt 0.2.6611 Openmpt Libopenmpt 0.2.6664 Openmpt Libopenmpt 0.2.6774 Openmpt Libopenmpt 0.2.7025 Openmpt Libopenmpt 0.2.7299 Openmpt Libopenmpt 0.2.7386 Openmpt Libopenmpt 0.2.7559 Openmpt Libopenmpt 0.2.7561 Openmpt Libopenmpt 0.2.7774 Openmpt Libopenmpt 0.2.8043 Openmpt Libopenmpt 0.2.8190 Openmpt Libopenmpt 0.2.8414 Openmpt Libopenmpt 0.2.8461 Openmpt Libopenmpt 0.2.8760 Openmpt Libopenmpt 0.2.9227 Openmpt Libopenmpt 0.2.9913 Openmpt Libopenmpt 0.2.10049 Openmpt Libopenmpt 0.2.10172 Openmpt Libopenmpt 0.2.10495 Openmpt Libopenmpt 0.2.10635 Openmpt Libopenmpt 0.2.10859 Openmpt Libopenmpt 0.2.10933 Openmpt Libopenmpt 0.2.11253 Openmpt Libopenmpt 0.2.11539 Openmpt Libopenmpt 0.2.95422 Openmpt Libopenmpt 0.3.0 Openmpt Libopenmpt 0.3.1 Openmpt Libopenmpt 0.3.2 Openmpt Libopenmpt 0.3.3 Openmpt Libopenmpt 0.3.4 Openmpt Libopenmpt 0.3.5 Openmpt Libopenmpt 0.3.6 Openmpt Libopenmpt 0.3.7 Openmpt Libopenmpt 0.3.8 Openmpt Libopenmpt 0.3.9 Openmpt Libopenmpt 0.3.10 Openmpt Libopenmpt 0.3.11 Openmpt Libopenmpt 0.3.12 Openmpt Libopenmpt 0.3.13 Openmpt Libopenmpt 0.3.14 Openmpt Libopenmpt 0.3.15 Openmpt Libopenmpt 0.3.16 Openmpt Libopenmpt 0.3.17 Openmpt Libopenmpt 0.3.18 Openmpt Libopenmpt 0.3.19 Openmpt Libopenmpt 0.4.0 Openmpt Libopenmpt 0.4.1	66
OS	Opensuse Opensuse Leap 15.0 Opensuse Leap 15.1	2

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2435-1.NASL
description	This update for libopenmpt fixes the following issues : Security issues fixed : CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584). CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	129285
published	2019-09-24
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129285
title	SUSE SLED15 / SLES15 Security Update : libopenmpt (SUSE-SU-2019:2435-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2212.NASL
description	This update for libopenmpt fixes the following issues : Security issues fixed : - CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). - CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). - CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584). - CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	129462
published	2019-09-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129462
title	openSUSE Security Update : libopenmpt (openSUSE-2019-2212)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2213.NASL
description	This update for libopenmpt fixes the following issues : Security issues fixed : - CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). - CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). - CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584). - CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	129463
published	2019-09-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129463
title	openSUSE Security Update : libopenmpt (openSUSE-2019-2213)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References