USN-1174-1: libsndfile vulnerability
25 July 2011
An application using libsndfile could be made to crash or possibly run programs as your login if it opened a specially crafted file.
- libsndfile - Library for reading/writing audio files
Hossein Lotfi discovered that libsndfile did not properly verify the header
length and number of channels for PARIS Audio Format (PAF) audio files. An
attacker could exploit this to cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart your login session to
make all the necessary changes.