VCDGear Cue File Handling Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	24003
Class:	Boundary Condition Error
CVE:	CVE-2007-2568
Remote:	Yes
Local:	No
Published:	May 16 2007 12:00AM
Updated:	Mar 07 2014 12:42AM
Credit:	Carsten Eiram of Secunia Research is credited with the discovery of this issue.
Vulnerable:	VCDGear VCDGear 3.55
Not Vulnerable:

VCDGear Cue File Handling Multiple Buffer Overflow Vulnerabilities

VCDGear is prone to multiple buffer-overflow vulnerabilities because it fails to adequately check boundaries on user-supplied input.

A successful exploit could let a remote attacker execute arbitrary code in the context of the application.

VCDGear 3.55 is reported vulnerable; other versions may also be affected.

VCDGear Cue File Handling Multiple Buffer Overflow Vulnerabilities

The following exploit is available:

• /data/vulnerabilities/exploits/24003.rb

VCDGear Cue File Handling Multiple Buffer Overflow Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

VCDGear Cue File Handling Multiple Buffer Overflow Vulnerabilities

References:

• VCDGear Cue File Parsing Buffer Overflow Vulnerabilities (Secunia)
  
• VCDgear Homepage (VCDgear)