CVE-2007-6720
EPSS 1.1%
Description
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
How to fix CVE-2007-6720
To remediate CVE-2007-6720, upgrade the affected package to a fixed version below.
- Debian/libmikmod—upgrade to 3.1.11-6.1 or later
- Debian/sdl-mixer1.2—upgrade to 1.2.8-1 or later
Is CVE-2007-6720 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/libmikmod: from 0, < 3.1.11-6.1
- Debian/sdl-mixer1.2: from 0, < 1.2.8-1