Red Hat Bugzilla – Bug 479946
amarok: integer overflows and unchecked allocation when parsing malformed Audible digital audio files
Last modified: 2016-03-04 06:05:33 EST
Multiple integer overflow flaws (leading to heap-based buffer overflows) and
unchecked allocation vulnerabilities have been reported in the Amarok multimedia
player, when parsing malformed Audible digital audio files. A remote attacker
could use this flaw to execute arbitrary code in the context of the user running
the Amarok multimedia player.
Please upgrade to upstream version of 220.127.116.11.
This issue affects all versions of the Amarok multimedia player package,
as shipped with Fedora releases of 9, 10 and devel.
Please update to upstream version 18.104.22.168.
Created attachment 328959
Diff for audibletag.cpp file between latest F10 amarok version (2.0-2.fc10) and latest upstream amarok (22.214.171.124)
*** This bug has been marked as a duplicate of bug 479560 ***