Candidate: CVE-2009-0136
PublicDate: 2009-01-16 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136
 http://trapkit.de/advisories/TKADV2009-002.txt
 http://www.debian.org/security/2009/dsa-1706
 https://ubuntu.com/security/notices/USN-739-1
Description:
 Multiple array index errors in the Audible::Tag::readTag function in
 metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote
 attackers to cause a denial of service (application crash) or execute
 arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or
 (2) vlen Tag value, each of which can lead to an invalid pointer
 dereference, or the writing of a 0x00 byte to an arbitrary memory location,
 after an allocation failure.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/amarok/+bug/318555
 http://bugs.gentoo.org/show_bug.cgi?id=254896
 https://bugzilla.redhat.com/show_bug.cgi?id=479560
 https://bugzilla.redhat.com/show_bug.cgi?id=479946
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_amarok:
 upstream: http://websvn.kde.org/?view=rev&revision=908391
 upstream: http://websvn.kde.org/?view=rev&revision=908401
 upstream: http://websvn.kde.org/?view=rev&revision=908415
 vendor: http://patch-tracking.debian.net/patch/series/view/amarok/1.4.10-3/20_security_audible_tags.diff
upstream_amarok: released (2.0.1.1-1)
dapper_amarok: not-affected (code not present)
gutsy_amarok: released (2:1.4.7-0ubuntu3.2)
hardy_amarok: released (2:1.4.9.1-0ubuntu3.2)
intrepid_amarok: released (2:1.4.10-0ubuntu3.1)
devel_amarok: not-affected (2.0.1.1-0ubuntu5)