Debian Security Advisory
DSA-2226-1 libmodplug -- buffer overflow
- Date Reported:
- 26 Apr 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 622091.
In Mitre's CVE dictionary: CVE-2011-1574.
- More information:
M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 0.8.4-1+lenny2.
For the stable distribution (squeeze), this problem has been fixed in version 1:0.8.8.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1:0.8.8.2-1.
We recommend that you upgrade your libmodplug packages.