Lucene search

K
ubuntuUbuntuUSN-739-1
HistoryMar 17, 2009 - 12:00 a.m.

Amarok vulnerabilities

2009-03-1700:00:00
ubuntu.com
44

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.118

Percentile

95.3%

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10

Packages

  • amarok -

Details

It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchamarok< 2:1.4.10-0ubuntu3.1UNKNOWN
Ubuntu8.10noarchamarok-dbg< 2:1.4.10-0ubuntu3.1UNKNOWN
Ubuntu8.10noarchamarok-engine-xine< 2:1.4.10-0ubuntu3.1UNKNOWN
Ubuntu8.10noarchamarok-engine-yauap< 2:1.4.10-0ubuntu3.1UNKNOWN
Ubuntu8.04noarchamarok< 2:1.4.9.1-0ubuntu3.2UNKNOWN
Ubuntu8.04noarchamarok-engines< 2:1.4.9.1-0ubuntu3.2UNKNOWN
Ubuntu8.04noarchamarok-xine< 2:1.4.9.1-0ubuntu3.2UNKNOWN
Ubuntu7.10noarchamarok< 2:1.4.7-0ubuntu3.2UNKNOWN
Ubuntu7.10noarchamarok-engines< 2:1.4.7-0ubuntu3.2UNKNOWN
Ubuntu7.10noarchamarok-xine< 2:1.4.7-0ubuntu3.2UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.118

Percentile

95.3%