Multiple Vulnerabilities in Fedora

Last Updated on: Apr 06, 2010 07:11 PM

Original Issue Date:
December 07, 2009

Severity Rating: High

Overview

Multiple vulnerabilities have been reported in the libsndfile package in Fedora, which could be exploited by remote attackers to cause a denial of service condition, execute arbitrary code, or potentially compromise an affected system.

Description

"libsndfile" is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface.

1. libsndfile CAF File Processing Integer Overflow Vulnerability

This vulnerability is caused by an integer overflow error when processing CAF description chunks in the libsndfile package. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted CAF audio file, triggering a heap-based buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition or execute arbitrary code.

2. libsndfile VOC and AIFF File Processing Buffer Overflow Vulnerabilities
(CVE-2009-1788, CVE-2009-1791)

These vulnerabilities are caused by buffer overflow errors in the "voc_read_header()" [src/voc.c] and "aiff_read_header()" [src/aiff.c] functions when processing VOC and AIFF files in the libsndfile package. A remote attacker could exploit these vulnerabilities via a specially crafted VOC or AIFF file with invalid header values, triggering a heap-based buffer overflow. Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial of service condition and possibly execute arbitrary code.
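Both items above come down to header fields that are trusted before they are bounds-checked. The following is an added example, not libsndfile's own code, of how a parser can validate a CAF-style "desc" chunk so that no size computed from untrusted fields can wrap into an undersized allocation. The field layout follows the CAF description chunk; the channel limit and the PCM-only packet-size rule are this example's assumptions.

```c
#include <stdint.h>
#include <stddef.h>

#define CAF_DESC_LEN 32
#define MAX_CHANNELS 1024   /* assumed sanity bound, not a CAF limit */

struct caf_desc {
    uint32_t format_id, format_flags, bytes_per_packet,
             frames_per_packet, channels, bits_per_channel;
    size_t   frame_bytes;   /* channels * bytes per sample, bounds-checked */
};

static uint32_t rd_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 on any malformed or overflowing field. Bytes 0..7
 * (the sample-rate double) are skipped. Every size derived from an untrusted
 * field is range-checked before use, so a wrapped product can never become
 * an undersized buffer length. */
int parse_caf_desc(const unsigned char *buf, size_t len, struct caf_desc *d) {
    if (len != CAF_DESC_LEN) return -1;   /* desc chunk has a fixed size */
    d->format_id         = rd_be32(buf + 8);
    d->format_flags      = rd_be32(buf + 12);
    d->bytes_per_packet  = rd_be32(buf + 16);
    d->frames_per_packet = rd_be32(buf + 20);
    d->channels          = rd_be32(buf + 24);
    d->bits_per_channel  = rd_be32(buf + 28);
    if (d->channels == 0 || d->channels > MAX_CHANNELS) return -1;
    if (d->bits_per_channel == 0 || d->bits_per_channel > 64 || d->bits_per_channel % 8) return -1;
    /* bounded by the checks above (<= 1024 * 8), so this cannot wrap */
    d->frame_bytes = (size_t)d->channels * (d->bits_per_channel / 8);
    /* assumed PCM-only rule: a packet is a whole number of frames of that size */
    if (d->frames_per_packet == 0 || d->bytes_per_packet == 0) return -1;
    if (d->bytes_per_packet / d->frames_per_packet != d->frame_bytes) return -1;
    return 0;
}

/* Constructed sample chunks: a sane 2-channel 16-bit 'lpcm' description, and
 * one whose channel count would wrap a 32-bit channels*bytes product. */
static const unsigned char caf_desc_ok[CAF_DESC_LEN] = {
    0,0,0,0,0,0,0,0, 'l','p','c','m', 0,0,0,0, 0,0,0,4, 0,0,0,1, 0,0,0,2, 0,0,0,16 };
static const unsigned char caf_desc_wrap[CAF_DESC_LEN] = {
    0,0,0,0,0,0,0,0, 'l','p','c','m', 0,0,0,0, 0,0,0,4, 0,0,0,1, 0x40,0,0,0, 0,0,0,32 };
```

The second sample is rejected by the channel bound alone; without it, 0x40000000 channels of 4 bytes multiply to zero in 32-bit arithmetic, which is exactly the kind of undersized allocation a crafted file relies on.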

Systems Affected:
Fedora 11
Fedora 10

Solution

Upgrade the affected package (libsndfile)
http://docs.fedoraproject.org/yum/

For more information visit http://www.cert-in.org.in/advisory/ciad-2009-54.htm