CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file
Bug #527033 reported by Stefan Lesicnik
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
audiofile (Ubuntu) | Invalid | Medium | Unassigned |
Dapper | Fix Released | Medium | Unassigned |
Hardy | Fix Released | Medium | Unassigned |
Intrepid | Fix Released | Medium | Unassigned |
Jaunty | Fix Released | Medium | Unassigned |
Karmic | Fix Released | Medium | Unassigned |
Lucid | Invalid | Medium | Unassigned |
Bug Description
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6
allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted WAV
file.
References
http://
Related branches
lp:~stefanlsd/ubuntu/karmic/audiofile/merge-lenny1
- Jamie Strandboge: Approve
Diff: 176 lines (+156/-0), 3 files modified:
  debian/changelog (+12/-0)
  debian/patches/00list (+1/-0)
  debian/patches/22_CVE-2008-5824.dpatch (+143/-0)
CVE References
Changed in audiofile (Ubuntu):
importance: Low → Medium
Changed in audiofile (Ubuntu Dapper):
status: New → Confirmed
Changed in audiofile (Ubuntu Hardy):
status: New → Confirmed
Changed in audiofile (Ubuntu Intrepid):
status: New → Confirmed
Changed in audiofile (Ubuntu Jaunty):
status: New → Confirmed
Changed in audiofile (Ubuntu Hardy):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Karmic):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Jaunty):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Karmic):
status: New → Confirmed
Changed in audiofile (Ubuntu Dapper):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Intrepid):
importance: Undecided → Medium
tags: added: patch
Changed in audiofile (Ubuntu Jaunty):
assignee: nobody → ozzie (toplisowen7)
Changed in audiofile (Ubuntu Jaunty):
assignee: ozzie (toplisowen7) → nobody
This is fixed in Lucid already and CVE tracker can be updated.