258597 – <media-sound/audacity-1.3.6 Stack-based buffer overflow (CVE-2009-0490)

Bug 258597 - <media-sound/audacity-1.3.6 Stack-based buffer overflow (CVE-2009-0490)

Summary: <media-sound/audacity-1.3.6 Stack-based buffer overflow (CVE-2009-0490)

Status:	RESOLVED DUPLICATE of bug 253493

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2009-02-11 13:03 UTC by Stefan Behte (RETIRED)
Modified:	2009-02-11 17:52 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-02-11 13:03:26 UTC

CVE-2009-0490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0490):
  Stack-based buffer overflow in the String_parse::get_nonspace_quoted
  function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
  versions before 1.3.6 allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a .gro file
  containing a long string.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2009-02-11 17:52:21 UTC


*** This bug has been marked as a duplicate of bug 253493 ***