CVE-2007-6720

Name: CVE-2007-6720
Description: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 422021, 461519

Vulnerable and fixed packages

The table below lists information on source packages.

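| Source Package | Release | Version | Status |
|---|---|---|---|
| libmikmod (PTS) | jessie | 3.3.7-1 | fixed |
| libmikmod (PTS) | stretch | 3.3.10-1 | fixed |
| libmikmod (PTS) | bullseye, sid, buster | 3.3.11.1-4 | fixed |
| sdl-mixer1.2 (PTS) | jessie, stretch | 1.2.12-11 | fixed |
| sdl-mixer1.2 (PTS) | buster | 1.2.12-15 | fixed |
| sdl-mixer1.2 (PTS) | bullseye, sid | 1.2.12-16 | fixed |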

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libmikmod | source | (unstable) | 3.1.11-6.1 | low | | 461519 |
| sdl-mixer1.2 | source | (unstable) | 1.2.8-1 | low | | 422021 |

Notes

[etch] - libmikmod <no-dsa> (Minor issue)
[lenny] - libmikmod <no-dsa> (Minor issue)
[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
