Debian: DSA-1814-1 Critical: Libsndfile Buffer Overflow Exploit
debian
June 13, 2009
Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data
Summary
Two vulnerabilities have been found in libsndfile, a library to read
and write sampled audio data. The Common Vulnerabilities and Exposures
project identified the following problems:
Tobias Klein discovered that the VOC parsing routines suffer of a heap-based
buffer overflow which can be triggered by an attacker via a crafted VOC
header (CVE-2009-1788).
The vendor discovered that the AIFF parsing routines suffer of a heap-based
buffer overflow similar to CVE-2009-1788 which can be triggered by an attacker
via a crafted AIFF header (CVE-2009-1791).
In both cases the overflowing data is not completely attacker controlled but
still leads to application crashes or under some circumstances might still
lead to arbitrary code execution.
For the oldstable distribution (etch), this problem has been fixed in
version 1.0.16-2+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 1.0.17-4+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unst...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: libsndfile
CVE ID: CVE-2009-1788 CVE-2009-1791
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!