Anything's exploitable. If there is parsing involved a buffer overflow is possible, especially if it's handled using unsafe string methods in C. If it's not validating input properly you could probably heap overflow, depending on how music is played (which I don't know.)
It allows for some kind of input - ie: the music file. That's pretty much all an attacker needs to be able to exploit it, assuming there are vulnerabilities in that area to exploit.
Not sure about that profile. I've never used any music programs on Ubuntu.