Red Hat Bugzilla – Bug 296221
CVE-2007-4974 Heap overflow in libsndfile triggerable by seeks
Last modified: 2008-01-28 09:11:15 EST
Description of problem:
To quote Robert Buchholz of Gentoo:
The issue was already known upstream and a change in
libsndfile-1.0.18pre17  addressed it, but does not fix it robustly.
Attached is a fix for 1.0.17 (line numbers are including Gentoo's FLAC
patches ) that was approved by upstream.
See URL for mor details. A CVE identifier for this issue was already requested.
libsndfile-1.0.17-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.