AdPlug: Multiple vulnerabilities

2006-09-12T00:00:00
ID GLSA-200609-06
Type gentoo
Reporter Gentoo Foundation
Modified 2006-09-12T00:00:00

Description

Background

AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library.

Description

AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.

Impact

By enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug.

Workaround

There are no known workarounds at this time.

Resolution

All AdPlug users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/adplug-2.0.1"