Bug 216499 - media-libs/libfishsound < 0.9.0: speex remote code execution (CVE-2008-1686)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High trivial
Assignee: Gentoo Security
URL: http://www.ocert.org/advisories/ocert...
Whiteboard: ~2? [ebuild]
Depends on: 217715
Reported: 2008-04-06 10:59 UTC by Christian Hoffmann (RETIRED)
Modified: 2008-04-14 20:11 UTC
Description Christian Hoffmann (RETIRED) gentoo-dev 2008-04-06 10:59:26 UTC
From $URL:
--------------------------
The libfishsound decoder library incorrectly implements the reference speex decoder from the Speex library, performing insufficient boundary checks on a header structure read from user input.

A user controlled field in the header structure is used to build a function pointer. The libfishsound implementation does not check for negative values for the field, allowing the function pointer to be pointed at an arbitrary position in memory. This allows remote code execution.

A patch has been committed to the libfishsound public repository.

[...]

References:
http://trac.annodex.net/changeset/3535
http://trac.annodex.net/changeset/3536
http://www.annodex.net/software/libfishsound
--------------------------


We have 0.8.1 in the tree, but there is no stable version at all.

lcars reported it on #gentoo-security.
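
Added example, not part of the original report and not libfishsound or Speex code: a minimal C sketch of the bounds check the advisory says was missing, where a signed header field selects an entry in a function-pointer table. The table, the decode stubs, NB_MODES and the upper-bound-only form of the flawed check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mode table; stand-ins, not the real decoder's entries. */
typedef int (*decode_fn)(void);
static int decode_nb(void)  { return 8000; }
static int decode_wb(void)  { return 16000; }
static int decode_uwb(void) { return 32000; }
#define NB_MODES 3
static const decode_fn mode_table[NB_MODES] = { decode_nb, decode_wb, decode_uwb };

/* Decode a signed little-endian 32-bit field from untrusted header bytes. */
static int32_t read_le32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t out;
    memcpy(&out, &v, sizeof out);
    return out;
}

/* Assumed flawed form: only the upper bound is tested, so a negative
 * value is accepted and would index memory before the table. */
int accepts_upper_only(int32_t mode) { return mode < NB_MODES; }

/* Hardened lookup: reject negative and too-large values before indexing. */
decode_fn lookup_mode(const unsigned char *field)
{
    int32_t mode = read_le32(field);
    if (mode < 0 || mode >= NB_MODES)
        return NULL;
    return mode_table[mode];
}

int main(void)
{
    /* Constructed sample fields: mode 1, mode -1, mode 3. */
    const unsigned char ok[4]  = { 0x01, 0x00, 0x00, 0x00 };
    const unsigned char neg[4] = { 0xff, 0xff, 0xff, 0xff };
    const unsigned char big[4] = { 0x03, 0x00, 0x00, 0x00 };
    printf("mode  1: %s\n", lookup_mode(ok) ? "accepted" : "rejected");
    printf("mode -1: %s (upper-bound-only check returns %d)\n",
           lookup_mode(neg) ? "accepted" : "rejected",
           accepts_upper_only(read_le32(neg)));
    printf("mode  3: %s\n", lookup_mode(big) ? "accepted" : "rejected");
    return 0;
}
```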
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-04-06 11:02:32 UTC
Attempting to set whiteboard... :)
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-06 12:08:26 UTC
I'd rate it ~2 since you probably need to open a file or url to be affected, so it qualifies for user-assisted.

Comment 3 Alexis Ballier gentoo-dev 2008-04-06 20:15:57 UTC
the (patched) 0.9.0 is now in the tree
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-04-07 00:33:47 UTC
Thanks, closing [noglsa] then.

btw, "2008-04-07: libfishsound 0.9.1 is released"