Bug 258597

Summary: <media-sound/audacity-1.3.6 Stack-based buffer overflow (CVE-2009-0490)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: proaudio
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [ebuild]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-02-11 13:03:26 UTC
CVE-2009-0490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0490):
  Stack-based buffer overflow in the String_parse::get_nonspace_quoted
  function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
  versions before 1.3.6 allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a .gro file
  containing a long string.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-02-11 17:52:21 UTC

*** This bug has been marked as a duplicate of bug 253493 ***