adplug is vulnerable to arbitrary code execution. Multiple heap-based buffer overflow in CradLoader::load()
in rad.cpp
allows an attacker to execute arbitrary code on the host OS.
github.com/adplug/adplug/commit/cb715174f95187bf544c11ca2a2ecd091b7fbb8a
github.com/adplug/adplug/issues/89
lists.fedoraproject.org/archives/list/[email protected]/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/
lists.fedoraproject.org/archives/list/[email protected]/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/