Bug 296221

Summary: CVE-2007-4974 Heap overflow in libsndfile triggerable by seeks
Product: [Fedora] Fedora
Reporter: Lubomir Kundrak <lkundrak>
Component: libsndfile
Assignee: Andreas Thienemann <andreas>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 7
Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.gentoo.org/show_bug.cgi?id=192834
Whiteboard: source=vendorsec,impact=low,reported=20070918
Fixed In Version: 1.0.17-2.fc7
Doc Type: Bug Fix
Last Closed: 2007-09-24 18:00:28 UTC
Type: ---
Bug Blocks: 430486    

Description Lubomir Kundrak 2007-09-19 13:24:10 UTC
Description of problem:

To quote Robert Buchholz of Gentoo:

The issue was already known upstream and a change in 
libsndfile-1.0.18pre17 [2] addressed it, but does not fix it robustly. 
Attached is a fix for 1.0.17 (line numbers are including Gentoo's FLAC 
patches [3]) that was approved by upstream.

[2] http://www.mega-nerd.com/tmp/libsndfile-1.0.18pre17.tar.gz
[3] http://distfiles.gentoo.org/distfiles/libsndfile-1.0.17+flac-1.1.3.patch.bz2

Additional info:

See URL for more details. A CVE identifier for this issue was already requested.

Comment 1 Fedora Update System 2007-09-24 18:00:26 UTC
libsndfile-1.0.17-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.