Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via large (1) DTM and (2) S3M files.