An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.Referenceshttps://github.com/schismtracker/schismtracker/issues/249https://github.com/schismtracker/schismtracker/commit/1e2cc389a2a058fd13d99460c11115a6f7f7a6a4
