Debian Security Advisory

DSA-2751-1 libmodplug -- several vulnerabilities

Date Reported:
04 Sep 2013
Affected Packages:
libmodplug
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2013-4233, CVE-2013-4234.
More information:

Several vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players.

For the oldstable distribution (squeeze), these problems have been fixed in version 1:0.8.8.1-1+squeeze2+git20130828.

For the stable distribution (wheezy), these problems have been fixed in version 1:0.8.8.4-3+deb7u1+git20130828.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1:0.8.8.4-4.

We recommend that you upgrade your libmodplug packages.