{"affected":[{"ecosystem_specific":{"binaries":[{"libmikmod":"3.1.11a-116.2.3.1","libmikmod-devel":"3.1.11a-116.2.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"libmikmod","purl":"pkg:rpm/suse/libmikmod&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.11a-116.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libmikmod fixes the following issues:\n\n-  CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope.  NOTE: some of these details are obtained from third party information.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. (bsc#625547).\n\n","id":"SUSE-SU-2018:1471-1","modified":"2018-05-30T07:08:03Z","published":"2018-05-30T07:08:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181471-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/625547"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2009-3995"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2010-2546"}],"related":["CVE-2009-3995","CVE-2010-2546"],"summary":"Security update for libmikmod","upstream":["CVE-2009-3995","CVE-2010-2546"]}