Ubuntu Security Notice 521-1 - Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
fedcc331c95208511c21b229acf97430edf70aba3923ab9b666e62fad87f864e
Mandriva Linux Security Advisory - Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
ddf094e2319c282cf5918b477732574a9739e37a3d4201fc2763b9ce89fe45cf