CVE-2008-5824
Published: 2 January 2009
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.
Notes
Author | Note |
---|---|
mdeslaur | PoC: http://filebin.ca/meqmyu/max_theme.wav |
Priority
Status
Package | Release | Status |
---|---|---|
audiofile Launchpad, Ubuntu, Debian | dapper | Released (0.2.6-6ubuntu1.1) |
audiofile | gutsy | Ignored (end of life, was needed) |
audiofile | hardy | Released (0.2.6-7ubuntu1.8.04.1) |
audiofile | intrepid | Released (0.2.6-7ubuntu1.8.10.1) |
audiofile | jaunty | Released (0.2.6-7ubuntu1.9.04.1) |
audiofile | karmic | Released (0.2.6-7ubuntu2.1) |
audiofile | upstream | Released (0.2.6-7.1) |

Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=59;filename=22_CVE-2008-5824.dpatch;att=1;bug=510205

This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu.

Package | Release | Status |
---|---|---|
normalize-audio Launchpad, Ubuntu, Debian | dapper | Released (0.7.6-7ubuntu0.1) |
normalize-audio | hardy | Released (0.7.7-2ubuntu0.8.04.1) |
normalize-audio | intrepid | Released (0.7.7-2ubuntu0.8.10.1) |
normalize-audio | jaunty | Released (0.7.7-2ubuntu0.9.04.1) |
normalize-audio | karmic | Released (0.7.7-4ubuntu0.1) |
normalize-audio | upstream | Needs triage |

This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5824
- https://ubuntu.com/security/notices/USN-912-1
- NVD
- Launchpad
- Debian
Bugs
- https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/527033
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558399
- http://musicpd.org/mantis/view.php?id=1915
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5824
- http://bugs.gentoo.org/253481