CVE-2009-3995
EPSS 12.2%libmikmod - arbitrary code execution
Published: 12/18/2009Modified: 4/28/2026
Description
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Affected packages (3)
- Debian/libmikmodfrom 0, < 3.1.11-6.2
- Debian/libmikmodfrom 0, < 3.1.11-6+lenny1
- Debian/libmikmodfrom 0, < 3.1.11-6.0.1+lenny1