Bug 479946 - amarok: integer overflows and unchecked allocation when parsing malformed Audible digital audio files
amarok: integer overflows and unchecked allocation when parsing malformed Aud...
Status: CLOSED DUPLICATE of bug 479560
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://www.trapkit.de/advisories/TKAD...
reported=20090114,public=20090105,imp...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-14 03:52 EST by Jan Lieskovsky
Modified: 2016-03-04 06:05 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-14 03:59:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Diff for audibletag.cpp file between latest F10 amarok version (2.0-2.fc10) and latest upstream amarok (2.0.1.1) (1.30 KB, patch)
2009-01-14 03:56 EST, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2009-01-14 03:52:14 EST
Multiple integer overflow flaws (leading to heap-based buffer overflows) and
unchecked allocation vulnerabilities has been reported in the Amarok multimedia
player, when parsing malformed Audible digital audio files. A remote attacker
could use this flaw to execute arbitrary code in the context of user running
the Amarok multimedia player.

References:
http://www.trapkit.de/advisories/TKADV2009-002.txt
http://bugs.gentoo.org/show_bug.cgi?id=254896
http://amarok.kde.org/en/releases/2.0.1.1

Proposed solution:
Please upgrade to upstream version of 2.0.1.1.
Comment 1 Jan Lieskovsky 2009-01-14 03:53:16 EST
This issue affects all versions of the Amarok multimedia player package,
as shipped with Fedora releases of 9, 10 and devel.

Please update to upstream version 2.0.1.1.
Comment 2 Jan Lieskovsky 2009-01-14 03:56:52 EST
Created attachment 328959 [details]
Diff for audibletag.cpp file between latest F10 amarok version (2.0-2.fc10) and latest upstream amarok (2.0.1.1)
Comment 3 Tomas Hoger 2009-01-14 03:59:29 EST

*** This bug has been marked as a duplicate of bug 479560 ***

Note You need to log in before you can comment on or make changes to this bug.