On Sun, 10 Apr 2011, Rémi Denis-Courmont wrote: > Hello, > > Le dimanche 10 avril 2011 18:34:34 Nico Golde, vous avez écrit : > > * Remi Denis-Courmont <r...@remlab.net> [2011-04-10 09:36]: > > > An exploitable memory corruption vulnerability has been publicized > > > against libmodplug 0.8.8.1: > > > http://seclists.org/fulldisclosure/2011/Apr/113 > > > > > > Upstream version 0.8.8.2 fixes the issue. > > > > How important is this library for vlc and others from an end-user > > perspective? The code doesn't look like it was written with security in > > mind and I guess it's only a matter of time for new issues to popup for > > this lib. > > I have not looked at the code. I believe it's the only way to decode trackers > in VLC (and possibly other media frameworks) at the moment. I do not know any > alternative OSS library for tracker decoding.
Ages ago, (lib)mikmod was quite popular, but a quick google shows that it doesn't seem all too maintained these days, and iirc modplug sounded better. // Martin