A vulnerability has been discovered and corrected in libmikmod: Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via crafted samples or crafted instrument definitions in an Impulse Tracker file . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program