Red Hat Bugzilla – Bug 502658
CVE-2009-1791 libsndfile AIFF file heap based buffer overflow
Last modified: 2016-03-04 07:03:12 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1791 to the following vulnerability:
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value.
Issue was fixed upstream in 1.0.20:
Upstream also created patches for a few recent versions (1.0.15 - 1.0.19), fixing this issue and the issue tracked via bug #502657.
libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libsndfile-1.0.20-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
I see that libsndfile-1.0.17-4.el5 is submitted to EPEL5 now, so closing.