Multiple security vulnerabilities has been identified and fixed in libmodplug: Integer overflow in the CSoundFile::ReadMed function in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted song comment or song name, which triggers a heap-based buffer overflow . Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name . The updated packages have been patched to prevent this.