|Integer overflow in the CSoundFile::ReadMed function
(src/load_med.cpp) in libmodplug before 0.8.6, as used in
gstreamer-plugins, TTPlayer, and other products, allows
context-dependent attackers to execute arbitrary code via a MED file
with a crafted (1) song comment or (2) song name, which triggers a
heap-based buffer overflow, as exploited in the wild in August 2008.