#20051 – heap overflow in VOC and AIFF file parsers (CVE-2009-1788, CVE-2009-1791)

Bug 20051 - heap overflow in VOC and AIFF file parsers (CVE-2009-1788, CVE-2009-1791)

Summary: heap overflow in VOC and AIFF file parsers (CVE-2009-1788, CVE-2009-1791)

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	libsndfile (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Valery Inozemtsev
QA Contact:	qa-sisyphus

URL:	http://www.mega-nerd.com/erikd/Blog/C...
Keywords:	security

Depends on:
Blocks:

Reported:	2009-05-15 10:33 MSD by Vladimir Lettiev
Modified:	2009-05-26 22:26 MSD (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2009-05-15 10:33:07 MSD

Обнаружены ошибки переполнения буфера в парсере VOC-файлов (Tobias Klein, http://www.trapkit.de/ ) и парсере AIFF-файлов (Erik de Castro Lopo, http://www.mega-nerd.com/erikd/Blog/ )
Upstream выпустил исправления в новой версии 1.0.20

Comment 1 Repository Robot 2009-05-15 18:51:38 MSD

libsndfile-1.0.20-alt1 -> sisyphus:

* Fri May 15 2009 Valery Inozemtsev <shrek@altlinux> 1.0.20-alt1

- fixed potential heap overflow in VOC file parser (closes: #20051)

Comment 2 Vladimir Lettiev 2009-05-17 00:18:59 MSD

ok

Comment 3 Vladimir Lettiev 2009-05-25 20:19:40 MSD

closed