Saga Musix

**Name of the Vulnerable Software and Affected Versions** OpenMPT versions prior to 1.27.07.00 libopenmpt versions prior to 0.3.8 **Description** The issue is related to a buffer overflow and out-of-bounds read in the `soundlib/Snd fx.cpp` file of OpenMPT and libopenmpt. This can be exploited by a remote attacker to cause a denial of service when processing a specially crafted IT or MO3 file containing multiple nested looped patterns. **Recommendations** For OpenMPT versions prior to 1.27.07.00, update to version 1.27.07.00 or later to resolve the issue. For libopenmpt versions prior to 0.3.8, update to version 0.3.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of IT and MO3 files with nested pattern loops until a patch is applied.