Lucene search
RootSSV:4431HistoryNov 12, 2008 - 12:00 a.m.
libcdaudio cddb.c远程堆溢出漏洞
2008-11-1200:00:00
Root
www.seebug.org
15
EPSS
0.02
Percentile
88.9%
BUGTRAQ ID: 32122
CVE(CAN) ID: CVE-2008-5030
libcdaudio是用于控制音频CD的可移植函数库。
libcdaudio库的cddb.c文件中的cddb_read_disc_data函数在解析超长CDDB数据时存在堆溢出漏洞:
— src/cddb.c
+++ src/cddb.c
@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct disc_data
*outdata)
free(file);
while(!feof(cddb_data)) {
-
fgets(inbuffer, 512, cddb_data);
-
fgets(inbuffer, 256, cddb_data); cddb_process_line(inbuffer, data); }
如果用户受骗加载了恶意的音频文件的话,就可能触发这个溢出,导致执行任意指令。
libcdaudio 0.99.12 p2
libcdaudio
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://sourceforge.net/tracker/download.php?group_id=27134&atid=389442&file_id=148743&aid=1288043” target=“_blank”>http://sourceforge.net/tracker/download.php?group_id=27134&atid=389442&file_id=148743&aid=1288043</a>
Related
prion
prion
Heap overflow
2008-11-10 16:15:00
openvas
openvas
Debian Security Advisory DSA 1665-1 (libcdaudio)
2008-11-19 00:00:00
Gentoo Security Advisory GLSA 200903-31 (libcdaudio)
2009-03-20 00:00:00
Gentoo Security Advisory GLSA 200903-31 (libcdaudio)
2009-03-20 00:00:00
nessus
nessus
GLSA-200903-31 : libcdaudio: User-assisted execution of arbitrary code
2009-03-18 00:00:00
Debian DSA-1665-1 : libcdaudio - heap overflow
2008-11-13 00:00:00
cve
cve
CVE-2008-5030
2008-11-10 16:15:12
debiancve
debiancve
CVE-2008-5030
2008-11-10 16:15:12
debian
debian
[SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution
2008-11-12 22:30:18
gentoo
gentoo
libcdaudio: User-assisted execution of arbitrary code
2009-03-17 00:00:00
cvelist
cvelist
CVE-2008-5030
2008-11-10 16:00:00
ubuntucve
ubuntucve
CVE-2008-5030
2008-11-10 00:00:00
nvd
nvd
CVE-2008-5030
2008-11-10 16:15:12
freebsd
freebsd
libcdaudio -- remote buffer overflow and code execution
2008-11-05 00:00:00