oss-sec mailing list archives

Re: CVE id request: audiofile

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 7 Jan 2009 13:27:23 -0500 (EST)


======================================================
Name: CVE-2008-5824
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5824
Reference: MLIST:[oss-security] 20081230 CVE id request: audiofile
Reference: URL:http://openwall.com/lists/oss-security/2008/12/30/1
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205
Reference: CONFIRM:http://musicpd.org/mantis/view.php?id=1915

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile
0.2.6 allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
WAV file.

Current thread:

Re: CVE id request: audiofile Nico Golde (Jan 03)
- <Possible follow-ups>
- Re: CVE id request: audiofile Steven M. Christey (Jan 07)