Package: gtkpod
Version: 2.1.5-6
Severity: important
Tags: security

https://github.com/wez/atomicparsley/issues/32
See also #993366

gtkpod embeds a vulnerable version of AtomicParsley which causes a stack overflow; however, the data file used to test atomicparsley upstream is not recognised by gtkpod.

Note that in #993366, the upstream fix for this CVE does not resolve the issue as described when the upstream fix is applied to atomicparsley, so more work may be needed here to identify the problem as it applies to the version of atomicparsley used by gtkpod.

From a check of the embedded source code, the vulnerable code can be found at:

https://sources.debian.org/src/gtkpod/2.1.5-8/libs/atomic-parsley/AP_AtomExtracts.cpp/#L1325