adplugdb-2.3.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12762-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z adplugdb-2.3.3-1.1 on GA media These are all security issues fixed in the adplugdb-2.3.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12762 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-14690/ SUSE CVE CVE-2019-14690 page https://www.suse.com/security/cve/CVE-2019-14691/ SUSE CVE CVE-2019-14691 page https://www.suse.com/security/cve/CVE-2019-14692/ SUSE CVE CVE-2019-14692 page https://www.suse.com/security/cve/CVE-2019-14732/ SUSE CVE CVE-2019-14732 page https://www.suse.com/security/cve/CVE-2019-14733/ SUSE CVE CVE-2019-14733 page https://www.suse.com/security/cve/CVE-2019-14734/ SUSE CVE CVE-2019-14734 page https://www.suse.com/security/cve/CVE-2019-15151/ SUSE CVE CVE-2019-15151 page openSUSE Tumbleweed adplugdb-2.3.3-1.1 libadplug-devel-2.3.3-1.1 libadplug2_3_3-0-2.3.3-1.1 adplugdb-2.3.3-1.1 as a component of openSUSE Tumbleweed libadplug-devel-2.3.3-1.1 as a component of openSUSE Tumbleweed libadplug2_3_3-0-2.3.3-1.1 as a component of openSUSE Tumbleweed AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. CVE-2019-14690 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14690.html CVE-2019-14690 AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. CVE-2019-14691 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14691.html CVE-2019-14691 AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. CVE-2019-14692 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14692.html CVE-2019-14692 AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. CVE-2019-14732 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14732.html CVE-2019-14732 AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. CVE-2019-14733 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14733.html CVE-2019-14733 AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. CVE-2019-14734 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14734.html CVE-2019-14734 AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. CVE-2019-15151 openSUSE Tumbleweed:adplugdb-2.3.3-1.1 openSUSE Tumbleweed:libadplug-devel-2.3.3-1.1 openSUSE Tumbleweed:libadplug2_3_3-0-2.3.3-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-15151.html CVE-2019-15151