CVE-2008-5824 in Ubuntu

CVE-2008-5824

Priority

Description

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6
allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted WAV
file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5824
https://ubuntu.com/security/notices/USN-912-1

Bugs

https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/527033
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558399
http://musicpd.org/mantis/view.php?id=1915
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5824
http://bugs.gentoo.org/253481

Notes

mdeslaur

PoC: http://filebin.ca/meqmyu/max_theme.wav

Package

Source: audiofile (LP Ubuntu Debian)

Upstream:	released (0.2.6-7.1)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (0.2.6-8ubuntu1)

Patches:

Vendor:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=59;filename=22_CVE-2008-5824.dpatch;att=1;bug=510205

This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#heap-protector

Package

Source: normalize-audio (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (0.7.7-6)

Patches:

This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#heap-protector

More Information

Updated: 2022-02-10 23:35:17 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)