Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1438 It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name. CVE-2009-1513 It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name. For the oldstable distribution (etch), these problems have been fixed in version 1:0.7-5.2+etch1. For the stable distribution (lenny), these problems have been fixed in version 1:0.8.4-1+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1:0.8.7-1. We recommend that you upgrade your libmodplug packages.
Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name.
It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name.
For the oldstable distribution (etch), these problems have been fixed in version 1:0.7-5.2+etch4.
For the stable distribution (lenny), these problems have been fixed in version 1:0.8.4-1+lenny1.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1:0.8.7-1.
We recommend that you upgrade your libmodplug packages.
MD5 checksums of the listed files are available in the original advisory.