A heap-based buffer overflow flaw was found in libsndfile's Creative Voice (VOC) file format decoder. An attacker could create a specially-crafted VOC file, which would cause an application using libsndfile to crash or, potentially, execute arbitrary code as the user running the application, when opened by a victim. A heap-based buffer overflow flaw was found in libsndfile's Audio Interchange File Format (AIFF) file format decoder. An attacker could create a malicious AIFF file (with specially-crafted 'MARK' chunk), which would cause an application using libsndfile to crash or, potentially, execute arbitrary code as the user running the application, when opened by a victim. References: http://www.mega-nerd.com/libsndfile/ChangeLog http://www.trapkit.de/advisories/published.html http://www.trapkit.de/advisories/TKADV2009-006.txt VOC file format heap-based buffer overflow discovered by: Tobias Klein AIFF file format heap-based buffer overflow discovered by: Jamie Strandboge
*** This bug has been marked as a duplicate of bug 502657 ***