A stack-based buffer overflow vulnerability was discovered [1] in the way that that libmodplug handled S3M media files. If an attacker were able to coerce a user into opening a malicious S3M media file with an application linked to libmodplug, it could be possible to execute arbitrary code with the privileges of the user running the application. This has been corrected upstream [2] in 0.8.8.2 [1] https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt [2] http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b src: From RH Bugzilla
Priority: Normal => release_blockerDepends on: (none) => 908
Priority: release_blocker => High
CC: (none) => miscBlocks: (none) => 908Depends on: 908 => (none)
fixed in package libmodplug-0.8.8.2-1.mga1
Status: NEW => RESOLVEDResolution: (none) => FIXED