GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Oct 07, 2007 9:26 pm Post subject: [ GLSA 200710-04 ] libsndfile: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: libsndfile: Buffer overflow (GLSA 200710-04)
Severity: normal
Exploitable: remote
Date: October 07, 2007
Bug(s): #192834
ID: 200710-04
Synopsis
A buffer overflow vulnerability has been discovered in libsndfile.
Background
libsndfile is a library for reading and writing various formats of audio files including WAV and FLAC.
Affected Packages
Package: media-libs/libsndfile
Vulnerable: < 1.0.17-r1
Unaffected: >= 1.0.17-r1
Architectures: All supported architectures
Description
Robert Buchholz of the Gentoo Security team discovered that the flac_buffer_copy() function does not correctly handle FLAC streams with variable block sizes which leads to a heap-based buffer overflow (CVE-2007-4974).
Impact
A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted FLAC file or network stream with an application using libsndfile. This might lead to the execution of arbitrary code with privileges of the user playing the file.
Workaround
There is no known workaround at this time.
Resolution
All libsndfile users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.17-r1" |
References
CVE-2007-4974 |
|
News & Announcements
