Launchpad CVE tracker

CVE 2009-0135

Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2009-0135 (Candidate) is related to these bugs:

Bug #318555: Amarok - integer overflows and unchecked allocation vulnerabilities

		In	Importance	Status
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Intrepid)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Jaunty)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Hardy)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Dapper)	Undecided	Invalid
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Gutsy)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009011...
MISC: http://trapkit.de/advi...
CONFIRM: http://amarok.kde.org/...
CONFIRM: http://bugs.gentoo.org...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://bugzilla.redha...
SECTRACK: 1021558
SECUNIA: 33505
DEBIAN: DSA-1706
MANDRIVA: MDVSA-2009:030
BID: 33210
SECUNIA: 33522
SREASON: 4915
FEDORA: FEDORA-2009-0715
SECUNIA: 33640
SUSE: SUSE-SR:2009:003
SECUNIA: 33819
UBUNTU: USN-739-1
SECUNIA: 34315
GENTOO: GLSA-200903-34
SECUNIA: 34407
VUPEN: ADV-2009-0100
CONFIRM: http://websvn.kde.org/...
CONFIRM: http://websvn.kde.org/...
CONFIRM: http://websvn.kde.org/...
BUGTRAQ: 20090111 [TKADV2009-00...

Launchpad.net

CVE 2009-0135

Related bugs and status

Related bugs

References