DSA-1742-1 libsndfile -- integer overflowID: oval:org.secpod.oval:def:600461 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution. For the oldstable distribution this problem has been fixed in version 1.0.16-2+etch1. For the stable distribution this problem has been fixed in version 1.0.17-4+lenny1. For the unstable distribution this problem has been fixed in version 1.0.19-1. We recommend that you upgrade your libsndfile packages.
Platform: |
Debian 5.0 |
Debian 4.0 |