blob: 420cc0a1322775d5078d91430d4f66abc57301a9 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200905-09">
<title>libsndfile: User-assisted execution of arbitrary code</title>
Multiple heap-based buffer overflow vulnerabilities in libsndfile might
allow remote attackers to execute arbitrary code.
<product type="ebuild">libsndfile</product>
<announced>May 27, 2009</announced>
<revised>May 27, 2009: 01</revised>
<package name="media-libs/libsndfile" auto="yes" arch="*">
<unaffected range="ge">1.0.20</unaffected>
<vulnerable range="lt">1.0.20</vulnerable>
libsndfile is a C library for reading and writing files containing
sampled sound.
The following vulnerabilities have been found in libsndfile:
<li>Tobias Klein reported that the header_read() function in
src/common.c uses user input for calculating a buffer size, possibly
leading to a heap-based buffer overflow (CVE-2009-1788).</li>
vendor reported a boundary error in the aiff_read_header() function in
src/aiff.c, possibly leading to a heap-based buffer overflow
<impact type="normal">
A remote attacker could entice a user to open a specially crafted AIFF
or VOC file in a program using libsndfile, possibly resulting in the
execution of arbitrary code with the privileges of the user running the
There is no known workaround at this time.
All libsndfile users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libsndfile-1.0.20&quot;</code>
<uri link="">CVE-2009-1788</uri>
<uri link="">CVE-2009-1791</uri>
<metadata tag="requester" timestamp="Fri, 22 May 2009 17:42:40 +0000">
<metadata tag="submitter" timestamp="Mon, 25 May 2009 09:17:01 +0000">
<metadata tag="bugReady" timestamp="Mon, 25 May 2009 11:57:08 +0000">