amarok -- multiple vulnerabilities

ID 6BB6188C-17B2-11DE-AE4D-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2009-01-12T00:00:00


Secunia reports:

Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag()" function in src/metadata/audible/audibletag.cpp. These can be exploited to cause heap-based buffer overflows via specially crafted Audible Audio files. Two errors within the "Audible::Tag::readTag()" function in src/metadata/audible/audibletag.cpp can be exploited to corrupt arbitrary memory via specially crafted Audible Audio files.