M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.