Red Hat Bugzilla – Bug 488361
CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code
Last modified: 2010-12-20 17:16:10 EST
Quoting Secunia's advisory:
Secunia Research has discovered a vulnerability in libsndfile, which
can be exploited by malicious people to compromise an application
using the library.
The vulnerability is caused due to an integer overflow error in the
processing of CAF description chunks. This can be exploited to cause
a heap-based buffer overflow by tricking the user into processing a
specially crafted CAF audio file.
Successful exploitation may allow execution of arbitrary code.
The original advisory can be found here:
Verification of the vulnerability was against 1.0.18; 1.0.19 corrects the problem
Created libsndfile tracking bugs for this issue
CVE-2009-0186 Affects: F10 [bug #488362]
CVE-2009-0186 Affects: F9 [bug #488363]
CVE-2009-0186 Affects: epel-5 [bug #488364]
Created attachment 333940 [details]
possible patch to fix CVE-2009-0186
Quick look in the changelog shows:
Validate channels per frame value before using, fixing a possible integer
overflow bug, leading to a possible heap overflow. Found by Alin Rad Pop of
Secunia Research (CVE-2009-0186).
and the patch attached contains the relevant changes that look like they would correct this issue.
libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libsndfile-1.0.20-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
Odd, this bug should have been automatically closed. Could someone verify that the problem is fixed?
There is still a tracker open against EPEL5, which does not look to be fixed.
Thanks. I'll be requesting a fast-track decision to take over the package -- a security bug that only needs updating the EL-5 branch to fix is rather unacceptable.