| Summary: | media-libs/audiofile: heap corruption while reading .wav files (CVE-2008-5824) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matti Bickel (RETIRED) <mabi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | gnome, kfm, sound |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205 | | |
| Whiteboard: | B2 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Matti Bickel (RETIRED)
2009-01-02 21:48:26 UTC
There's no fix yet, if I get the Debian bug report correctly. Can we provide/work with the Debian folks on one?

Was assigned CVE-2008-5824

There's now a patch, but he says it needs more work.

NetBSD applies these patches:

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/audio/libaudiofile/patches/patch-ac?rev=1.1&content-type=text/x-cvsweb-markup
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/audio/libaudiofile/patches/patch-ad?rev=1.1&content-type=text/x-cvsweb-markup

.. which still backtraces...

```
$ normalize max_theme.wav
Computing levels...
max_theme.wav 100% done, ETA 00:00:00 (batch 100% done, ETA 00:00:00)
Applying adjustment of -3.26dB to max_theme.wav...
*** glibc detected *** normalize: corrupted double-linked list: 0x0000000000c5f310 ***
======= Backtrace: =========
/lib/libc.so.6[0x7fd9b18abd87]
/lib/libc.so.6[0x7fd9b18ae17e]
/lib/libc.so.6(cfree+0x76)[0x7fd9b18ae3c6]
/lib/libc.so.6(fclose+0x156)[0x7fd9b189b8b6]
/usr/lib/libaudiofile.so.0[0x7fd9b1e3519d]
/usr/lib/libaudiofile.so.0(af_virtual_file_destroy+0x7)[0x7fd9b1e351f7]
/usr/lib/libaudiofile.so.0(af_fclose+0x9)[0x7fd9b1e35209]
/usr/lib/libaudiofile.so.0(afCloseFile+0x31)[0x7fd9b1e32131]
normalize[0x405f3f]
normalize[0x403c58]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7fd9b1850486]
normalize[0x4024a9]
```

Upstream bug (closed as fixed): https://bugzilla.gnome.org/show_bug.cgi?id=603198

CVE says that it only affects audiofile-0.2.6. Long removed. Closing noglsa.