The OpenMPT/libopenmpt project released the latest stable libopenmpt version:

libopenmpt 0.3.6 (2018-02-03)

  • [Sec] Possible out-of-bounds memory read with malformed STP files. (r9576) (CVE-2018-6611)

  • [Bug] Small memory leak with malformed STP files.

  • STM: Accurate emulation of Scream Tracker 2 tempo mode.
  • STM: Better support for early format revisions (no such files have been found in the wild, though).
  • Fine volume slides are now supported when seeking with seek.sync_samples=1 enabled.

The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .

Source code download links:

Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.


The security issue fixed in libopenmpt 0.3 does not affect the earlier libopenmpt 0.2 branch. Thus, the libopenmpt 0.2.9542-beta29, libopenmpt 0.2.7561-beta20.5 and libopenmpt 0.2.7386-beta20.3 lines require no update.


The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:

  • 0.3.6
    • Current stable version.
    • Receives security updates.
    • Receives minor playback fixes.
  • 0.2.9542-beta29
    • Old stable version.
    • Receives security updates.
    • Receives trivial bug fixes.
  • 0.2.7561-beta20.5-p7
    • Older stable version which is supported on Unix-like systems only.
    • Receives only security fixes.
  • 0.2.7386-beta20.3-p10
    • Older stable version which is supported on Unix-like systems only.
    • Receives only security fixes.
  • 0.4 (SVN trunk)
    • development
    • security updates
    • playback fixes
    • new features
    • new file formats

Please update to the newest versions.