AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp.Referenceshttps://github.com/adplug/adplug/issues/85https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/
