CVE-2009-4835
Published: 6 May 2010
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
Notes
Author | Note |
---|---|
jdstrand | simple application crasher. upstream is the Debian maintainer. Patch to fix this is already in Ubuntu 10.04 LTS and later (maybe earlier) |
Priority
Status
Package | Release | Status |
---|---|---|
libsndfile (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
libsndfile | hardy | Ignored (end of life) |
libsndfile | jaunty | Ignored (end of life) |
libsndfile | karmic | Ignored (end of life) |
libsndfile | lucid | Not vulnerable (1.0.21-2) |
libsndfile | maverick | Not vulnerable |
libsndfile | natty | Not vulnerable |
libsndfile | upstream | Released (1.0.21) |

Patches: upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=37;filename=sigfpe.diff;att=1;bug=530831