Launchpad.net

CVE 2009-0136

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.

Related bugs and status

CVE-2009-0136 (Candidate) is related to these bugs:

Bug #318555: Amarok - integer overflows and unchecked allocation vulnerabilities

		In	Importance	Status
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Intrepid)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Jaunty)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Hardy)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Dapper)	Undecided	Invalid
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	amarok (Ubuntu Gutsy)	Undecided	Fix Released
318555	Amarok - integer overflows and unchecked allocation vulnerabilities	The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009011...
MISC: http://trapkit.de/advi...
CONFIRM: http://amarok.kde.org/...
CONFIRM: http://bugs.gentoo.org...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://bugzilla.redha...
SECTRACK: 1021558
SECUNIA: 33505
DEBIAN: DSA-1706
MANDRIVA: MDVSA-2009:030
BID: 33210
SECUNIA: 33522
SREASON: 4915
FEDORA: FEDORA-2009-0715
SECUNIA: 33640
SUSE: SUSE-SR:2009:003
SECUNIA: 33819
UBUNTU: USN-739-1
SECUNIA: 34315
GENTOO: GLSA-200903-34
SECUNIA: 34407
VUPEN: ADV-2009-0100
CONFIRM: http://websvn.kde.org/...
CONFIRM: http://websvn.kde.org/...
CONFIRM: http://websvn.kde.org/...
BUGTRAQ: 20090111 [TKADV2009-00...