EUVD-2002-1875

Malware in sbrugna...

CVE-2002-1896

Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long 1 -f or 2 -o command line argument...

SUSE CVE-2006-4089

Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service application crash, or have other unknown impact, via 1 a long Location field sent by a web server, which triggers an overflow in the reconnect function in...

SUSE CVE-2007-5301

Buffer overflow in the vorbisstreaminfo function in input/vorbis/vorbisengine.c aka the vorbis input plugin in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments...

AlsaPlayer 0.99.x - Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25969/info AlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Exploiting this issue allows...

AlsaPlayer 0.99.x Multiple Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19450/info AlsaPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. An attacker can exploit...

Alsaplayer 0.99.71 Local Buffer Overflow Vulnerablity

No description provided by source. source: http://www.securityfocus.com/bid/5767/info Alsaplayer is a PCM player that utilizes the ALSA libraries and drivers. It is availabe for Linux and Unix platforms. A vulnerability has been discovered in Alsaplayer. By specifying an overly long add-on path, ...

Alsaplayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow Exploit

No description provided by source. I have released this exploit for the alsaplayer bug CVE-2007-5301. You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/ With my modified version of vorbiscomment, you can generate a ogg exploit like this: whats@debian:$...

FreeBSD : alsaplayer -- multiple vulnerabilities (9855ac8e-2aec-11db-a6e2-000e0c2e438a)

Luigi Auriemma reports three vulnerabilities within alsaplayer : - The function which handles the HTTP connections is vulnerable to a buffer-overflow that happens when it uses sscanf for copying the URL in the Location's field received from the server into the redirect buffer of only 1024 bytes...

Gentoo Security Advisory GLSA 200608-24 (AlsaPlayer)

The remote host is missing updates announced in advisory GLSA 200608-24. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200608-24 (AlsaPlayer)

The remote host is missing updates announced in advisory GLSA 200608-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

FreeBSD Ports: alsaplayer

The remote host is missing an update to the system as announced in the referenced advisory. VID 9855ac8e-2aec-11db-a6e2-000e0c2e438a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: alsaplayer

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Debian Security Advisory DSA 1538-1 (alsaplayer)

The remote host is missing an update to alsaplayer announced via advisory DSA 1538-1. OpenVAS Vulnerability Test $Id: deb15381.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1538-1 alsaplayer Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1538-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Alsaplayer &lt; 0.99.80-rc3 Vorbis Input Local Buffer Overflow Exploit

No description provided by source. I have released this exploit for the alsaplayer bug CVE-2007-5301. You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/ With my modified version of vorbiscomment, you can generate a ogg exploit like this: whats@debian:$...

Debian DSA-1538-1 : alsaplayer - buffer overrun

Erik Sjolund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application. Successful exploitation of this vulnerability through the opening of a maliciously crafted Vorbis file could lead to the execution of arbitrary code. %NASLMINLEVEL...

AlsaPlayer &lt; 0.99.80-rc3 - Vorbis Input Local Buffer Overflow

I have released this exploit for the alsaplayer bug CVE-2007-5301. You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/ With my modified version of vorbiscomment, you can generate a ogg exploit like this: whats@debian:$ vorbiscomment.whats -w -t "TITLE=$perl -e 'print...

AlsaPlayer buffer overflow

Buffer overflow on oversized .ogg comment...

alsaplayer-overflow.txt

I have released this exploit for the alsaplayer bug CVE-2007-5301. You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/ With my modified version of vorbiscomment, you can generate a ogg exploit like this: whats@debian:$ vorbiscomment.whats -w -t "TITLE=$perl -e 'print...