Red Hat Bugzilla – Bug 885893
CVE-2012-6303 tcl-snack: multiple buffer overflows
Last modified: 2015-07-31 02:55:57 EDT
CVE-2012-6303 was assigned by MITRE to multiple buffer overflows in WaveSurfer (not shipped) and the Snack Sound Toolkit (tcl-snack):
Product source: http://www.speech.kth.se/snack/
(The www.speech.kth.se site refers to "Snack v2.2.10
released December 01 Bug fix release" but this is
apparently about December 01 2004 -- not about a 2012
No fix is available as of yet.
Also note that the only things that use tcl-snack in Fedora is amsn and coccinella, but I couldn't find a way to change the sounds that play, which means the end user would need to download this crafted sound file from somewhere and associate it as a sound in either program somehow (possibly these IM clients will play remote sounds as well, not sure). Also, there is a python-snack that makes use of tcl-snack, but I'm unaware of any programs that use python-snack.
Created tcl-snack tracking bugs for this issue
Affects: fedora-all [bug 885894]
Created attachment 671186 [details]
Proposed patch by Michael Karcher to fix CVE-2012-6303
I am attaching a patch created by Michael Karcher which fixes the problem. I have tested his patch on Debian with libsnack 2.2.10 and WaveSurfer 1.8.8p3, the crashes do no longer occur.
I have uploaded the updated snack package into Debian already. Please review and hopefully apply the patch in Fedora as well.
tcl-snack-2.2.10-17.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
tcl-snack-2.2.10-17.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
tcl-snack-2.2.10-17.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.