Bug 237037 - media-libs/libsamplerate <0.1.4 buffer overflow at extreme low conversion ratios (CVE-2008-5008)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.mega-nerd.com/SRC/ChangeLog
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
Reported: 2008-09-08 06:51 UTC by Alexis Ballier
Modified: 2020-04-10 11:34 UTC
See Also:
Package list:
Runtime testing required: ---
Description Alexis Ballier gentoo-dev 2008-09-08 06:51:29 UTC
Been there for a while; no bug. Thanks.


Version 0.1.4 (2008-07-02)
  * Fix bug which causes a segfault with extremely low conversion ratios.

Version 0.1.3 (2008-03-23)
  * Huge improvement to the quality of conversion with the
    SRC_SINC_MEDIUM_QUALITY and SRC_SINC_BEST_QUALITY converters.
  * Minor bug fixes.
Comment 1 Markus Meier gentoo-dev 2008-09-11 19:01:56 UTC
amd64/x86 stable
Comment 2 nixnut (RETIRED) gentoo-dev 2008-09-13 11:08:14 UTC
ppc stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-09-15 09:48:31 UTC
alpha/ia64/sparc stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-16 09:27:30 UTC
Stable for HPPA.
Comment 5 Brent Baude (RETIRED) gentoo-dev 2008-09-18 12:44:25 UTC
ppc64 stable
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-11-07 13:49:56 UTC
Pınar Yanardağ wrote:

From libsamplerate's changelog [1] (2008-07-02):

    * src/src_sinc.c
    Fix buffer overrun bug at extreme low conversion ratios. Thanks to Russell
    O'Connor for the report.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-11-27 11:49:28 UTC
CVE-2008-5008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5008):
  Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or
  libsamplerate) before 0.1.4, when "extreme low conversion ratios" are
  used, allows user-assisted attackers to have an unknown impact via a
  crafted audio file.

Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-12-02 17:49:42 UTC
GLSA 200812-05