Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1791 to the following vulnerability: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
Issue was fixed upstream in 1.0.20:
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html
Upstream also created patches for a few recent versions (1.0.15 - 1.0.19), fixing this issue and the issue tracked via bug #502657.
libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libsndfile-1.0.20-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
I see that libsndfile-1.0.17-4.el5 is submitted to EPEL5 now, so closing.