oss-sec mailing list archives

Re: CVE request: Audacity <1.3.6 Buffer overflow


From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 9 Feb 2009 19:25:33 -0500 (EST)


======================================================
Name: CVE-2009-0490
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0490
Reference: MILW0RM:7634
Reference: URL:http://www.milw0rm.com/exploits/7634
Reference: MLIST:[audacity-devel] 20090110 Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow
Reference: URL:http://n2.nabble.com/Audacity-%22String_parse::get_nonspace_quoted()%22-Buffer-Overflow-td2139537.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=253493
Reference: BID:33090
Reference: URL:http://www.securityfocus.com/bid/33090
Reference: FRSIRT:ADV-2009-0008
Reference: URL:http://www.frsirt.com/english/advisories/2009/0008
Reference: OSVDB:51070
Reference: URL:http://osvdb.org/51070
Reference: SECUNIA:33356
Reference: URL:http://secunia.com/advisories/33356

Stack-based buffer overflow in the String_parse::get_nonspace_quoted
function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
versions before 1.3.6 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a .gro file
containing a long string.
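
The class of bug described above, seen from the fix side, as an added example that is not part of the original post and is not Audacity's code: a quoted-field parser that takes the destination size and rejects an over-long string instead of copying it. The function name `get_field_bounded`, the `ParseResult` enum, the escape handling and the 64-byte buffer are assumptions made for illustration; the page does not show the contents of `strparse.cpp`.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

enum class ParseResult { Ok, TooLong, Unterminated };

// Hypothetical helper (not Audacity's code): copy the next field of `line`,
// starting at `pos`, into `out`. A field is a bare token or a "quoted string".
// Never writes more than out_size bytes, terminator included.
ParseResult get_field_bounded(const std::string &line, std::size_t &pos,
                              char *out, std::size_t out_size)
{
    if (out == nullptr || out_size == 0) return ParseResult::TooLong;
    out[0] = '\0';
    while (pos < line.size() && (line[pos] == ' ' || line[pos] == '\t')) ++pos;
    const bool quoted = pos < line.size() && line[pos] == '"';
    if (quoted) ++pos;
    std::size_t n = 0;
    while (pos < line.size()) {
        char c = line[pos];
        if (quoted) {
            if (c == '"') { ++pos; out[n] = '\0'; return ParseResult::Ok; }
            if (c == '\\' && pos + 1 < line.size()) c = line[++pos];
        } else if (c == ' ' || c == '\t') {
            break;
        }
        // Reject instead of truncating or writing past the buffer.
        if (n + 1 >= out_size) { out[0] = '\0'; return ParseResult::TooLong; }
        out[n++] = c;
        ++pos;
    }
    if (quoted) { out[0] = '\0'; return ParseResult::Unterminated; }
    out[n] = '\0';
    return ParseResult::Ok;
}

int main()
{
    char field[64];                       // constructed buffer size
    std::size_t pos = 0;
    // Constructed input: a quoted string far longer than the buffer.
    const std::string line = "\"" + std::string(5000, 'A') + "\"";
    const ParseResult r = get_field_bounded(line, pos, field, sizeof field);
    std::printf("%s\n", r == ParseResult::TooLong ? "rejected: field too long"
                                                  : "accepted");
    return 0;
}
```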


