#12185 – Stack overflow in flac123 0.0.9

Bug 12185 - Stack overflow in flac123 0.0.9

Summary: Stack overflow in flac123 0.0.9

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	flac123 (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P2 normal
Assignee:	Anton Farygin
QA Contact:	qa-sisyphus

URL:	http://www.isecpartners.com/advisorie...
Keywords:

Depends on:
Blocks:

Reported:	2007-06-30 12:40 MSD by Igor Zubkov
Modified:	2007-07-03 15:26 MSD (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Igor Zubkov 2007-06-30 12:40:08 MSD

Stack overflow in flac123 0.0.9

Details:
--------
The function local__vcentry_parse_value() in vorbiscomment.c does not
correctly handle a long value_length, causing it to overflow the buffer
"dest" during memcpy().

Fix Information:
----------------
This is the sole issue corrected in version 0.0.10.

Comment 1 swi 2007-06-30 19:57:35 MSD

fixed in flac123-0.0.10-alt1

Comment 2 Igor Zubkov 2007-07-03 15:26:18 MSD

Кстати, номер в cve -- CVE-2007-3507. (на всякий).