As per $URL, MITRE has assigned CVE-2012-6303 to buffer overflow vulnerabilities in Snack which could result in user-assisted execution of arbitrary code.
*** Bug 446870 has been marked as a duplicate of this bug. ***
Created attachment 334962
Script to generate the wav file
+*snack-2.2.10-r5 (09 Jan 2013)
+ 09 Jan 2013; Justin Lecher <email@example.com> +snack-2.2.10-r5.ebuild,
+ +files/snack-2.2.10-CVE-2012-6303-fix.patch, metadata.xml:
+ Add fix from Fedora for CVE-2012-6303, #446822
Created attachment 334964
Script to trigger the DoS or check for its fix.
It's fixed now. Test scripts are attached.
(In reply to comment #5)
> It's fixed now. Test scripts are attached.
Thanks, Justin. Is this version ready for stabilization?
(In reply to comment #6)
> (In reply to comment #5)
> > It's fixed now. Test scripts are attached.
> Thanks, Justin. Is this version ready for stabilization?
Only the code fix for this issue is new. So I would say yes.
Arches, please test and mark stable:
Stable for HPPA.
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201309-04 at http://security.gentoo.org/glsa/glsa-201309-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).
Heap-based buffer overflow in the GetWavHeader function in
generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer
1.8.8p4, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a large chunk size in a WAV file.
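The class of check that prevents an oversized chunk size from being trusted, shown as an added example; this is not Snack's code and not the Fedora patch referenced above. The function name `wav_check_chunks` and both sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a little-endian 32-bit value without assuming alignment. */
static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical validator: walk the chunks of a RIFF/WAVE buffer and return 0
 * only if every declared chunk size fits in the bytes that remain and a
 * "fmt " chunk of at least 16 bytes exists; return -1 otherwise. */
int wav_check_chunks(const unsigned char *buf, size_t len, uint32_t *fmt_len) {
    size_t off = 12;
    int have_fmt = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return -1;
    while (len - off >= 8) {                 /* off <= len holds throughout */
        uint32_t size = rd_le32(buf + off + 4);
        size_t avail = len - off - 8;        /* bytes left after this header */
        if (size > avail)                    /* declared size exceeds the input */
            return -1;
        if (memcmp(buf + off, "fmt ", 4) == 0) {
            if (size < 16) return -1;        /* too short for a PCM format block */
            *fmt_len = size;
            have_fmt = 1;
        }
        off += 8 + (size_t)size;
        if ((size & 1) && off < len) off++;  /* RIFF pad byte after odd sizes */
    }
    return have_fmt ? 0 : -1;
}

/* Constructed sample: 16-byte "fmt " chunk followed by a 4-byte "data" chunk. */
const unsigned char wav_ok[] = {
    'R','I','F','F', 40,0,0,0, 'W','A','V','E', 'f','m','t',' ', 16,0,0,0,
    1,0, 1,0, 0x40,0x1f,0,0, 0x80,0x3e,0,0, 2,0, 16,0,
    'd','a','t','a', 4,0,0,0, 0,0,0,0
};
/* Constructed sample: chunk header declaring far more data than is present. */
const unsigned char wav_bad[] = {
    'R','I','F','F', 12,0,0,0, 'W','A','V','E', 'f','m','t',' ', 0xf0,0xff,0xff,0x7f
};

int main(void) {
    uint32_t n = 0;
    return (wav_check_chunks(wav_ok, sizeof wav_ok, &n) == 0 &&
            wav_check_chunks(wav_bad, sizeof wav_bad, &n) == -1) ? 0 : 1;
}
```

The check is deliberately strict: a file whose final chunk is truncated is rejected rather than clamped, so a caller never sizes or fills a buffer from a length the input cannot back.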