| Summary: | media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2008-5030) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | sound |
| Priority: | High | Keywords: | STABLEREQ |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
In CVS as libcdaudio-0.99.12-r1

Arches, please test and mark stable =media-libs/libcdaudio-0.99.12-r1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

I'm re-rating this as B2 as it most likely requires user interaction (i.e. the user has to open a malicious URL or file)

ppc64 done

Stable for HPPA.

amd64/x86 stable

btw please note:
dodoc: ChangLog does not exist
>>> Completed installing libcdaudio-0.99.12-r1 into /var/tmp/portage/media-libs/libcdaudio-0.99.12-r1/image/
alpha/arm/ia64/sparc stable

ppc stable

CVE-2008-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5030): Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

GLSA 200903-31
I'm unsure about the versions, got this one from Thomas Biege @ oss-sec: --- src/cddb.c +++ src/cddb.c @@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct disc_data *outdata) free(file); while(!feof(cddb_data)) { - fgets(inbuffer, 512, cddb_data); + fgets(inbuffer, 256, cddb_data); cddb_process_line(inbuffer, data); } I checked that: we've got a vulnerable version in our tree.
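Review bot: the replacement call `fgets(inbuffer, 256, cddb_data);` still hard-codes the length, and the declaration of `inbuffer` is not visible in this hunk, so nothing here ties 256 to the real size of the buffer. If `inbuffer` is an array in scope, `sizeof(inbuffer)` (or a named constant shared with the declaration) would keep the bound and the buffer from drifting apart again. Separately, the return value of `fgets` is never checked inside `while(!feof(cddb_data))`: once the stream is exhausted, `fgets` returns NULL and leaves `inbuffer` unchanged, so `cddb_process_line(inbuffer, data)` runs one extra time on the previous line. Looping on `while (fgets(inbuffer, sizeof(inbuffer), cddb_data) != NULL)` would address both points. With the smaller bound, a server line longer than the buffer now arrives in several pieces, so it is worth confirming that `cddb_process_line` handles a fragment that has no trailing newline.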