libsndfile FLAC.C Buffer Overflow Vulnerability
BID:25758
Info
libsndfile FLAC.C Buffer Overflow Vulnerability
| Bugtraq ID: | 25758 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4974 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2007 12:00AM |
| Updated: | Apr 20 2011 06:44AM |
| Credit: | Robert Buchholz <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Sun Solaris 11 Express Red Hat Fedora Core6 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 libsndfile libsndfile 1.0.17 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
libsndfile FLAC.C Buffer Overflow Vulnerability
The 'libsndfile' library is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code with the permission of an application using the library. This can compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
This issue affects libsndfile 1.0.17; previous versions may also be vulnerable.
The 'libsndfile' library is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code with the permission of an application using the library. This can compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
This issue affects libsndfile 1.0.17; previous versions may also be vulnerable.
Exploit / POC
libsndfile FLAC.C Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
libsndfile FLAC.C Buffer Overflow Vulnerability
Solution:
A patch was released to address this issue. Please see the references for more information.
libsndfile libsndfile 1.0.17
Solution:
A patch was released to address this issue. Please see the references for more information.
libsndfile libsndfile 1.0.17
-
Cuyahoga libsndfile-1.0.17-flac-buffer-overflow.patch
https://bugs.gentoo.org/attachment.cgi?id=131171
References
libsndfile FLAC.C Buffer Overflow Vulnerability
References:
References: