GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Dec 02, 2008 10:26 pm Post subject: [ GLSA 200812-05 ] libsamplerate: User-assisted execution of |
|
|
Gentoo Linux Security Advisory
Title: libsamplerate: User-assisted execution of arbitrary code (GLSA 200812-05)
Severity: normal
Exploitable: remote
Date: December 02, 2008
Bug(s): #237037
ID: 200812-05
Synopsis
A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code.
Background
Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio.
Affected Packages
Package: media-libs/libsamplerate
Vulnerable: < 0.1.4
Unaffected: >= 0.1.4
Architectures: All supported architectures
Description
Russell O'Connor reported a buffer overflow in src/src_sinc.c related to low conversion ratios.
Impact
A remote attacker could entice a user or automated system to process a specially crafted audio file possibly leading to the execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All libsamplerate users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libsamplerate-0.1.4" |
References
CVE-2008-5008 |
|