Bug 12185 - Stack overflow in flac123 0.0.9
Summary: Stack overflow in flac123 0.0.9
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: flac123 (show other bugs)
Version: unstable
Hardware: all Linux
: P2 normal
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: http://www.isecpartners.com/advisorie...
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-30 12:40 MSD by Igor Zubkov
Modified: 2007-07-03 15:26 MSD (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Igor Zubkov 2007-06-30 12:40:08 MSD
Stack overflow in flac123 0.0.9

Details:
--------
The function local__vcentry_parse_value() in vorbiscomment.c does not
correctly handle a long value_length, causing it to overflow the buffer
"dest" during memcpy().

Fix Information:
----------------
This is the sole issue corrected in version 0.0.10.
Comment 1 swi 2007-06-30 19:57:35 MSD
fixed in flac123-0.0.10-alt1
Comment 2 Igor Zubkov 2007-07-03 15:26:18 MSD
Кстати, номер в cve -- CVE-2007-3507. (на всякий).