libsndfile: User-assisted execution of arbitrary code — GLSA 200905-09

Multiple heap-based buffer overflow vulnerabilities in libsndfile might allow remote attackers to execute arbitrary code.

Affected packages

Package	media-libs/libsndfile on all architectures
Affected versions	< 1.0.20
Unaffected versions	>= 1.0.20

Background

libsndfile is a C library for reading and writing files containing sampled sound.

Description

The following vulnerabilities have been found in libsndfile:

Tobias Klein reported that the header_read() function in src/common.c uses user input for calculating a buffer size, possibly leading to a heap-based buffer overflow (CVE-2009-1788).
The vendor reported a boundary error in the aiff_read_header() function in src/aiff.c, possibly leading to a heap-based buffer overflow (CVE-2009-1791).

Impact

A remote attacker could entice a user to open a specially crafted AIFF or VOC file in a program using libsndfile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All libsndfile users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.20"

References

Release date
May 27, 2009

Latest revision
May 27, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries

269863