tildearrow/furnace

tildearrow/furnace

Releases213

Frequency1 week 1 day

Last Release about 1 month ago

Stars3.66K

a multi-system chiptune tracker compatible with DefleMask modules

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-4732 ↗	Mar 24, 2026Tuesday, 24 March 2026, 04:17	—	—
Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7.
CVE-2026-24800 ↗	Jan 27, 2026Tuesday, 27 January 2026, 09:15	—	—
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.
CVE-2022-1289 ↗	Apr 10, 2022Sunday, 10 April 2022, 16:15	4.3 MEDIUM	4.3 MEDIUM
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
CVE-2022-1211 ↗	Apr 3, 2022Sunday, 3 April 2022, 12:15	6.3 MEDIUM	4.3 MEDIUM
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.