CVE-2011-2913

Name of the Vulnerable Software and Affected Versions libmodplug versions prior to 0.8.8.4

Description The issue is related to an off-by-one error in the CSoundFile::ReadAMS function, which can be exploited by remote attackers using a crafted AMS file with a large number of samples. This could lead to a denial of service due to stack memory corruption and potentially allow the execution of arbitrary code. Additionally, there are multiple vulnerabilities in the libmodplug package that can compromise the confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For libmodplug versions prior to 0.8.8.4, update to version 0.8.8.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CSoundFile::ReadAMS function until a patch is available. Avoid using libmodplug with untrusted AMS files until the issue is resolved.