GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed May 27, 2009 7:26 pm Post subject: [ GLSA 200905-09 ] libsndfile: User-assisted execution of ar |
 |
|
Gentoo Linux Security Advisory
Title: libsndfile: User-assisted execution of arbitrary code (GLSA 200905-09)
Severity: normal
Exploitable: remote
Date: May 27, 2009
Bug(s): #269863
ID: 200905-09
Synopsis
Multiple heap-based buffer overflow vulnerabilities in libsndfile might
allow remote attackers to execute arbitrary code.
Background
libsndfile is a C library for reading and writing files containing
sampled sound.
Affected Packages
Package: media-libs/libsndfile
Vulnerable: < 1.0.20
Unaffected: >= 1.0.20
Architectures: All supported architectures
Description
The following vulnerabilities have been found in libsndfile:
- Tobias Klein reported that the header_read() function in
src/common.c uses user input for calculating a buffer size, possibly
leading to a heap-based buffer overflow (CVE-2009-1788). - The
vendor reported a boundary error in the aiff_read_header() function in
src/aiff.c, possibly leading to a heap-based buffer overflow
(CVE-2009-1791).
Impact
A remote attacker could entice a user to open a specially crafted AIFF
or VOC file in a program using libsndfile, possibly resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Workaround
There is no known workaround at this time.
Resolution
All libsndfile users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.20" |
References
CVE-2009-1788
CVE-2009-1791
Last edited by GLSA on Thu Dec 10, 2009 4:28 am; edited 2 times in total |
|
News & Announcements
