oss-sec mailing list archives
Re: CVE request: libcdaudio
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 7 Nov 2008 18:25:26 +0100
On Wed, 5 Nov 2008 09:07:23 +0100 Thomas Biege <thomas () suse de> wrote:
> we need a CVE-ID for a buffer overflow in libcdaudio. It is a remotely
> exploitable heap-based buffer overflow.

If you have been using libcdaudio packages based on ATrpms / Fedora, you may have libcdaudio-0.99.12-buffovfl.patch, which addresses the same issue, it only mallocs more instead of fgetsing less.

http://cvs.fedoraproject.org/viewvc/rpms/libcdaudio/devel/libcdaudio-0.99.12-buffovfl.patch

This issue does not seem to affect CDDB code used by grip/gnome-vfs2, which may have common origin and previously had some flaws identical to libcdaudio (see below).

Additionally, if you are shipping libcdaudio, you may be interested in patch for CVE-2005-0706 used by Gentoo:

http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libcdaudio/files/libcdaudio-0.99-CAN-2005-0706.patch

According to the libcdaudio home page, upstream seems to be aware of this issue, as they acknowledge having security issues and even link to old Gentoo GLSA.

--
Tomas Hoger / Red Hat Security Response Team