[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

Launchpad Bug Tracker Tue, 16 Mar 2010 10:17:47 -0700

This bug was fixed in the package audiofile - 0.2.6-7ubuntu2.1

---------------
audiofile (0.2.6-7ubuntu2.1) karmic-security; urgency=high


  * SECURITY UPDATE: Heap-based buffer overflow in msadpcm.c in libaudiofile
    in audiofile 0.2.6 allows context-dependent attackers to cause a denial
    of service (application crash) or possibly execute arbitrary code via a
    crafted WAV file.  (LP: #527033)
    - debian/patches/22_CVE-2008-5824.dpatch: Fix buffer overflow when
      decompressing MS ADPCM .wav files.
    - CVE-2008-5824
 -- Stefan Lesicnik <ste...@lsd.lsd.co.za>   Wed, 24 Feb 2010 19:13:42 +0200

** Changed in: audiofile (Ubuntu Karmic)
       Status: Confirmed => Fix Released

** Changed in: audiofile (Ubuntu Jaunty)
       Status: Confirmed => Fix Released

-- 
CVE-2008-5824 audiofile denial of service (application crash) or possibly 
execute arbitrary code via a crafted WAV file
https://bugs.launchpad.net/bugs/527033
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

Reply via email to