CVE-2011-2912

Name of the Vulnerable Software and Affected Versions libmodplug versions prior to 0.8.8.4

Description The issue concerns multiple vulnerabilities in the libmodplug package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, a stack-based buffer overflow in the CSoundFile::ReadS3M function allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.

Recommendations For libmodplug versions prior to 0.8.8.4, update to version 0.8.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the CSoundFile::ReadS3M function in src/load s3m.cpp to minimize the risk of exploitation. Avoid using the libmodplug package with untrusted S3M files until the issue is resolved.