CVE-2007-5301 buffer overflow in vorbis input plugi
Bug #151806 reported by
Emmet Hikory
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
alsaplayer (Debian) |
Fix Released
|
Unknown
|
|||
alsaplayer (Ubuntu) |
Fix Released
|
Undecided
|
Luke Yelavich | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: alsaplayer
The following was released on:
http://
| Some vulnerabilities have been reported in AlsaPlayer, which potentially can be
| exploited by malicious people to compromise a user's system.
|
| The vulnerabilities are caused due to boundary errors in the vorbis input
| plug-in when processing .OGG files. These can be exploited to cause buffer
| overflows via a specially crafted .OGG file with overly long comments.
|
| Successful exploitation may allow execution of arbitrary code.
Patch available from http://
CVE References
Changed in alsaplayer: | |
assignee: | nobody → themuso |
status: | New → In Progress |
Changed in alsaplayer: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
alsaplayer (0.99.79-3ubuntu1) gutsy; urgency=low
* SECURITY UPDATE: Buffer overflow in vorbis input plugin (LP: #151806)
* References: CVE-2007-5301
* Update maintainer field as per spec.
-- Luke Yelavich <email address hidden> Fri, 12 Oct 2007 12:26:33 +1000