blob: 389a444a1744fef16e34d3c90e78a09a2c283759 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200812-05">
<title>libsamplerate: User-assisted execution of arbitrary code</title>
A buffer overflow vulnerability in libsamplerate might lead to the
execution of arbitrary code.
<product type="ebuild">libsamplerate</product>
<announced>December 02, 2008</announced>
<revised>December 02, 2008: 01</revised>
<package name="media-libs/libsamplerate" auto="yes" arch="*">
<unaffected range="ge">0.1.4</unaffected>
<vulnerable range="lt">0.1.4</vulnerable>
Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for
Russell O'Connor reported a buffer overflow in src/src_sinc.c related
to low conversion ratios.
<impact type="normal">
A remote attacker could entice a user or automated system to process a
specially crafted audio file possibly leading to the execution of
arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All libsamplerate users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libsamplerate-0.1.4&quot;</code>
<uri link="">CVE-2008-5008</uri>
<metadata tag="requester" timestamp="Fri, 07 Nov 2008 13:51:38 +0000">
<metadata tag="submitter" timestamp="Thu, 27 Nov 2008 16:25:38 +0000">
<metadata tag="bugReady" timestamp="Thu, 27 Nov 2008 16:25:44 +0000">