GNU libextractor-dev 1.6 allows remote attackers to cause a denial of service via a crafted GIF, IT, NSFE, S3M , SID, or XM file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.