Lucene search
Ubuntu.comUB:CVE-2008-5824HistoryJan 02, 2009 - 12:00 a.m.
CVE-2008-5824
2009-01-0200:00:00
ubuntu.com
ubuntu.com
16
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.006
Percentile
79.1%
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6
allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted WAV
file.
Bugs
- <https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/527033>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558399>
- <http://musicpd.org/mantis/view.php?id=1915>
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5824>
- <http://bugs.gentoo.org/253481>
Notes
| Author | Note |
|---|---|
| mdeslaur | PoC: http://filebin.ca/meqmyu/max_theme.wav |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | audiofile | < 0.2.6-6ubuntu1.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | audiofile | < 0.2.6-7ubuntu1.8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | audiofile | < 0.2.6-7ubuntu1.8.10.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | audiofile | < 0.2.6-7ubuntu1.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | audiofile | < 0.2.6-7ubuntu2.1 | UNKNOWN |
| ubuntu | 6.06 | noarch | normalize-audio | < 0.7.6-7ubuntu0.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | normalize-audio | < 0.7.7-2ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | normalize-audio | < 0.7.7-2ubuntu0.8.10.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | normalize-audio | < 0.7.7-2ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | normalize-audio | < 0.7.7-4ubuntu0.1 | UNKNOWN |
Related
openvas
openvas
SLES9: Security update for audiofile
2009-10-10 00:00:00
SLES9: Security update for audiofile
2009-10-10 00:00:00
Ubuntu: Security Advisory (USN-912-1)
2010-03-22 00:00:00
nessus
nessus
SuSE 10 Security Update : audiofile (ZYPP Patch Number 5948)
2009-09-24 00:00:00
openSUSE Security Update : audiofile (audiofile-457)
2009-07-21 00:00:00
openSUSE 10 Security Update : audiofile (audiofile-5950)
2009-01-28 00:00:00
prion
prion
Heap overflow
2009-01-02 19:30:00
nvd
nvd
CVE-2008-5824
2009-01-02 19:30:01
exploitdb
exploitdb
cvelist
cvelist
CVE-2008-5824
2009-01-02 19:00:00
cve
cve
CVE-2008-5824
2009-01-02 19:30:01
debian
debian
[SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow
2010-01-21 16:07:25
[SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow
2010-01-17 09:36:43
[SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow
2010-01-21 16:07:25
debiancve
debiancve
CVE-2008-5824
2009-01-02 19:30:01
osv
osv
audiofile - buffer overflow
2010-01-17 00:00:00
ubuntu
ubuntu
Audio File Library vulnerability
2010-03-16 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.006
Percentile
79.1%
Related for UB:CVE-2008-5824