Bug 470822 - (CVE-2008-5008) CVE-2008-5008 libsamplerate: buffer overflow on "extreme low conversion ratios"
CVE-2008-5008 libsamplerate: buffer overflow on "extreme low conversion ratios"
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
impact=?
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-10 09:19 EST by Tomas Hoger
Modified: 2010-04-21 17:39 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-04-21 17:39:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
src/src_sinc.c 0.13 -> 0.14 diff (822 bytes, patch)
2008-11-10 09:22 EST, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2008-11-10 09:19:05 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5008 to the following vulnerability:

Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or
libsamplerate) before 0.1.4, when "extreme low conversion ratios" are
used, allows user-assisted attackers to have an unknown impact via a
crafted audio file.

References:
http://www.openwall.com/lists/oss-security/2008/11/03/6
http://www.mega-nerd.com/SRC/ChangeLog
Comment 1 Tomas Hoger 2008-11-10 09:22:05 EST
Created attachment 323069 [details]
src/src_sinc.c 0.13 -> 0.14 diff

Only change in src/src_sinc.c between 0.13 and 0.14.

I haven't looked closely whether this is over-write or over-read only.
Comment 2 Hans de Goede 2008-11-11 03:55:05 EST
I do not believe this bufferoverflow is something which can be triggered remotely, not even by a crafted file.

Never the less I've updated F-8 and F-9 cvs to the latest upstream (F-10 and later already has that), which fixes this and is ABI compatible, and I've done builds of this:
libsamplerate-0.1.4-1.fc9 Tag: dist-f9-updates-candidate:
http://koji.fedoraproject.org/koji/buildinfo?buildID=69053
libsamplerate-0.1.4-1.fc8 Tag: dist-f8-updates-candidate:
http://koji.fedoraproject.org/koji/buildinfo?buildID=69056

Although I do not expect any problems from these updates, given the low if any security impact of this I would prefer to see this pushed to the repo through updates-testing if pushed at all.
Comment 3 Tomas Hoger 2008-11-14 03:07:24 EST
Hans, thanks for checking.  I'll fully trust your judgement here, as you surely know the code much better as long-term maintainer of this package.  If you decide to submit anyway, feel free to do it via testing first.
Comment 4 Vincent Danen 2010-04-21 17:39:16 EDT
I'm going to close this.  Current Fedora has 0.1.6 or newer, although EPEL5 has 0.1.2.  However, if we do not believe this can be triggered at all, then we should not classify this as a security issue.

Note You need to log in before you can comment on or make changes to this bug.