Multiple integer overflow flaws (leading to heap-based buffer overflows) and unchecked allocation vulnerabilities has been reported in the Amarok multimedia player, when parsing malformed Audible digital audio files. A remote attacker could use this flaw to execute arbitrary code in the context of user running the Amarok multimedia player. References: http://www.trapkit.de/advisories/TKADV2009-002.txt http://bugs.gentoo.org/show_bug.cgi?id=254896 http://amarok.kde.org/en/releases/2.0.1.1 Proposed solution: Please upgrade to upstream version of 2.0.1.1.
This issue affects all versions of the Amarok multimedia player package, as shipped with Fedora releases of 9, 10 and devel. Please update to upstream version 2.0.1.1.
Created attachment 328959 [details] Diff for audibletag.cpp file between latest F10 amarok version (2.0-2.fc10) and latest upstream amarok (2.0.1.1)
*** This bug has been marked as a duplicate of bug 479560 ***