CVE-2007-6720

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.

Published: Jan 20, 2009
Updated: Apr 13, 2023
CVE: CVE-2007-6720
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
igno_saitz / libmikmod	3.1.10-2	3.1.10-2.x
igno_saitz / libmikmod	3.1.10-4	3.1.10-4.x
igno_saitz / libmikmod	3.1.9-6	3.1.9-6.x
igno_saitz / libmikmod	3.1.9-4	3.1.9-4.x
igno_saitz / libmikmod	3.2.0	3.2.0.x
igno_saitz / libmikmod	3.1.9-1	3.1.9-1.x
igno_saitz / libmikmod	3.1.11-4	3.1.11-4.x
igno_saitz / libmikmod	3.1.9-2	3.1.9-2.x
igno_saitz / libmikmod	3.1.11-3	3.1.11-3.x
igno_saitz / libmikmod	3.1.10-3	3.1.10-3.x
igno_saitz / libmikmod	3.1.9-3	3.1.9-3.x
igno_saitz / libmikmod	3.1.11-1	3.1.11-1.x
igno_saitz / libmikmod	3.1.10-1	3.1.10-1.x
igno_saitz / libmikmod	3.1.11-6	3.1.11-6.x
igno_saitz / libmikmod	3.1.9-5	3.1.9-5.x
igno_saitz / libmikmod	3.1.11-2	3.1.11-2.x
igno_saitz / libmikmod	3.1.10-5	3.1.10-5.x
igno_saitz / libmikmod	3.1.11-5	3.1.11-5.x
igno_saitz / libmikmod	3.1.12	3.1.12.x

Vulnerability Database

289,697

CVE-2007-6720