Security Information / 2013 / Security Information -- DSA-2751-1 libmodplug

Debian Security Advisory

DSA-2751-1 libmodplug -- several vulnerabilities

Date Reported:

04 Sep 2013

Affected Packages:

libmodplug

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-4233, CVE-2013-4234.

More information:

Several vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players.

For the oldstable distribution (squeeze), these problems have been fixed in version 1:0.8.8.1-1+squeeze2+git20130828.

For the stable distribution (wheezy), these problems have been fixed in version 1:0.8.8.4-3+deb7u1+git20130828.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1:0.8.8.4-4.

We recommend that you upgrade your libmodplug packages.