
CVE-2008-5824

Published: 2 January 2009

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.

Notes

Author: mdeslaur
Note: PoC: http://filebin.ca/meqmyu/max_theme.wav

Priority

Medium

Status

Package Release Status

audiofile (Launchpad, Ubuntu, Debian)

dapper: Released (0.2.6-6ubuntu1.1)
gutsy: Needed (reached end-of-life)
hardy: Released (0.2.6-7ubuntu1.8.04.1)
intrepid: Released (0.2.6-7ubuntu1.8.10.1)
jaunty: Released (0.2.6-7ubuntu1.9.04.1)
karmic: Released (0.2.6-7ubuntu2.1)
upstream: Released (0.2.6-7.1)

Patches:
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=59;filename=22_CVE-2008-5824.dpatch;att=1;bug=510205

This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu.

normalize-audio (Launchpad, Ubuntu, Debian)

dapper: Released (0.7.6-7ubuntu0.1)
hardy: Released (0.7.7-2ubuntu0.8.04.1)
intrepid: Released (0.7.7-2ubuntu0.8.10.1)
jaunty: Released (0.7.7-2ubuntu0.9.04.1)
karmic: Released (0.7.7-4ubuntu0.1)
upstream: Needs triage

This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu.