Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1788 to the following vulnerability: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
*** Bug 501053 has been marked as a duplicate of this bug. ***
Link to Tobias Klein's original advisory: http://trapkit.de/advisories/TKADV2009-006.txt
Issue was fixed upstream in 1.0.20: http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html
Upstream also created patches for a few recent versions (1.0.15 - 1.0.19).
libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libsndfile-1.0.20-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This is already fixed in all releases, why is it NEW then?
EPEL-5 has libsndfile-1.0.17-2.el5.
This is still not fixed in EPEL5 (1.0.17-3.el5), yet it was updated recently:

* Thu Jul 08 2010 Michel Salim <salimma> - 1.0.17-3
- Fix for channel per frame overflow (CVE-2009-0186, #488364)

Will this be fixed in EPEL5?
(In reply to comment #8)
> Will this be fixed in EPEL5?

Building right now. Thanks for asking, without it I wouldn't have known about this bug (this bug was filed before I became co-maintainer and is not filed directly against libsndfile, so I did not know this bug existed).
Thanks much for taking care of it!
I see that libsndfile-1.0.17-4.el5 was submitted for EPEL5. Closing, with many thanks!