Gentoo Bug 237037 - media-libs/libsamplerate <0.1.4 buffer overflow at extreme low conversion ratios (CVE-2008-5008)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	237037
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Alexis Ballier <aballier@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 237037 depends on:			Show dependency tree
Bug 237037 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-09-08 06:51 0000

Been there for a while; no bug. Thanks.


Version 0.1.4 (2008-07-02)
  * Fix bug which causes a segfault with extremely low conversion ratios.

Version 0.1.3 (2008-03-23)
  * Huge improvement to the quality of conversion with the
    SRC_SINC_MEDIUM_QUALITY and SRC_SINC_BEST_QUALITY converters.
  * Minor bug fixes.

------- Comment #1 From Markus Meier 2008-09-11 19:01:56 0000 -------

amd64/x86 stable

------- Comment #2 From nixnut 2008-09-13 11:08:14 0000 -------

ppc stable

------- Comment #3 From Raúl Porcel 2008-09-15 09:48:31 0000 -------

alpha/ia64/sparc stable

------- Comment #4 From Jeroen Roovers 2008-09-16 09:27:30 0000 -------

Stable for HPPA.

------- Comment #5 From Brent Baude 2008-09-18 12:44:25 0000 -------

ppc64 stable

------- Comment #6 From Robert Buchholz 2008-11-07 13:49:56 0000 -------

Pınar Yanardağ wrote:

From libsamplerate's changelog [1] (2008-07-02):

    * src/src_sinc.c
    Fix buffer overrrun bug at extreme low conversion ratios. Thanks to Russell
    O'Connor for the report.

------- Comment #7 From Robert Buchholz 2008-11-27 11:49:28 0000 -------

CVE-2008-5008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5008):
  Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or
  libsamplerate) before 0.1.4, when "extreme low conversion ratios" are
  used, allows user-assisted attackers to have an unknown impact via a
  crafted audio file.

------- Comment #8 From Robert Buchholz 2008-12-02 17:49:42 0000 -------

GLSA 200812-05

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 237037

media-libs/libsamplerate <0.1.4 buffer overflow at extreme low conversion ratios (CVE-2008-5008)

Last modified: 2008-12-02 17:49:42 0000