Bug 479946 - amarok: integer overflows and unchecked allocation when parsing malformed Audible digital audio files
Summary: amarok: integer overflows and unchecked allocation when parsing malformed Aud...
Keywords:
Status: CLOSED DUPLICATE of bug 479560
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://www.trapkit.de/advisories/TKAD...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-01-14 08:52 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:28 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-14 08:59:29 UTC
Embargoed:


Attachments (Terms of Use)
Diff for audibletag.cpp file between latest F10 amarok version (2.0-2.fc10) and latest upstream amarok (2.0.1.1) (1.30 KB, patch)
2009-01-14 08:56 UTC, Jan Lieskovsky
no flags Details | Diff

Description Jan Lieskovsky 2009-01-14 08:52:14 UTC
Multiple integer overflow flaws (leading to heap-based buffer overflows) and
unchecked allocation vulnerabilities has been reported in the Amarok multimedia
player, when parsing malformed Audible digital audio files. A remote attacker
could use this flaw to execute arbitrary code in the context of user running
the Amarok multimedia player.

References:
http://www.trapkit.de/advisories/TKADV2009-002.txt
http://bugs.gentoo.org/show_bug.cgi?id=254896
http://amarok.kde.org/en/releases/2.0.1.1

Proposed solution:
Please upgrade to upstream version of 2.0.1.1.

Comment 1 Jan Lieskovsky 2009-01-14 08:53:16 UTC
This issue affects all versions of the Amarok multimedia player package,
as shipped with Fedora releases of 9, 10 and devel.

Please update to upstream version 2.0.1.1.

Comment 2 Jan Lieskovsky 2009-01-14 08:56:52 UTC
Created attachment 328959 [details]
Diff for audibletag.cpp file between latest F10 amarok version (2.0-2.fc10) and latest upstream amarok (2.0.1.1)

Comment 3 Tomas Hoger 2009-01-14 08:59:29 UTC

*** This bug has been marked as a duplicate of bug 479560 ***


Note You need to log in before you can comment on or make changes to this bug.