AdPlug: Multiple vulnerabilities — GLSA 200609-06

Multiple heap and buffer overflows exist in AdPlug.

Affected packages

media-libs/adplug on all architectures
Affected versions < 2.0.1
Unaffected versions >= 2.0.1

Background

AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library.

Description

AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.

Impact

By enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug.

Workaround

There are no known workarounds at this time.

Resolution

All AdPlug users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/adplug-2.0.1"

References

Release date
September 12, 2006

Latest revision
September 12, 2006: 01

Severity
normal

Exploitable
local

Bugzilla entries