SPECIAL STATE PROTECTION SERVICE
SPECIAL COMMUNICATION AND INFORMATION
SECURITY STATE AGENCY

COMPUTER EMERGENCY
RESPONSE CENTER

Bugtrack

  • Name of Program: libmodplug: Execute arbitrary code/commands - Remote/unauthenticated
  • Developer website:
  • Threat: High
  • Overview:

    M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.

    This advisory references vulnerabilities in products which run on platforms other than Debian.

  • Solution:

    It is recommended that administrators running libmodplug check for an updated version of the software for their operating system.

    For the oldstable distribution (lenny), this problem has been fixed in version 0.8.4-1+lenny2.

    For the stable distribution (squeeze), this problem has been fixed in version 1:0.8.8.1-1+squeeze1.

    For the unstable distribution (sid), this problem has been fixed in version 1:0.8.8.2-1.

    We recommend that you upgrade your libmodplug packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/