CVE-2007-6720

Name: CVE-2007-6720
Description: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 422021, 461519

Vulnerable and fixed packages

The table below lists information on source packages.

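| Source Package | Release | Version | Status |
|---|---|---|---|
| libmikmod (PTS) | buster | 3.3.11.1-4 | fixed |
| libmikmod (PTS) | bullseye | 3.3.11.1-6 | fixed |
| libmikmod (PTS) | sid, trixie, bookworm | 3.3.11.1-7 | fixed |
| sdl-mixer1.2 (PTS) | buster | 1.2.12-15 | fixed |
| sdl-mixer1.2 (PTS) | bullseye | 1.2.12-16 | fixed |
| sdl-mixer1.2 (PTS) | trixie, bookworm | 1.2.12-17 | fixed |
| sdl-mixer1.2 (PTS) | sid | 1.2.12-18 | fixed |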

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libmikmod | source | (unstable) | 3.1.11-6.1 | low | | 461519 |
| sdl-mixer1.2 | source | (unstable) | 1.2.8-1 | low | | 422021 |

Notes

[etch] - libmikmod <no-dsa> (Minor issue)
[lenny] - libmikmod <no-dsa> (Minor issue)
[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
