Lucene search

K
freebsdFreeBSD6BB6188C-17B2-11DE-AE4D-0030843D3802
HistoryJan 12, 2009 - 12:00 a.m.

amarok -- multiple vulnerabilities

2009-01-1200:00:00
vuxml.freebsd.org
23

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.118

Percentile

95.3%

Secunia reports:

Tobias Klein has reported some vulnerabilities in Amarok, which
potentially can be exploited by malicious people to compromise a
user’s system.
Two integer overflow errors exist within the
“Audible::Tag::readTag()” function in
src/metadata/audible/audibletag.cpp. These can be exploited to cause
heap-based buffer overflows via specially crafted Audible Audio
files.
Two errors within the “Audible::Tag::readTag()” function in
src/metadata/audible/audibletag.cpp can be exploited to corrupt
arbitrary memory via specially crafted Audible Audio files.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchamarok< 1.4.10_3UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.118

Percentile

95.3%