adplug is vulnerable to arbitrary code execution. Multiple heap-based buffer overflow in CmkjPlayer::load()
in mkj.cpp
allows an attacker to execute arbitrary code on the host OS.
github.com/adplug/adplug/commit/b5fb32c5d2af4444525cad2adef0bd63a9b5b414
github.com/adplug/adplug/issues/87
lists.fedoraproject.org/archives/list/[email protected]/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/
lists.fedoraproject.org/archives/list/[email protected]/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/