~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2011-07-21
Candidate: CVE-2011-2696
PublicDate: 2011-07-26
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2696
 http://www.securelist.com/en/advisories/45125
 http://secunia.com/advisories/45125/
 http://www.ubuntu.com/usn/usn-1174-1
Description:
 Integer overflow in libsndfile before 1.0.25 allows remote attackers to
 cause a denial of service (application crash) or possibly execute arbitrary
 code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based
 buffer overflow.
Ubuntu-Description: 
Notes: 
 jdstrand> bzr branch http://www.mega-nerd.com/Bzr/libsndfile-dev/
Bugs: 
Priority: medium
Discovered-by: Hossein Lotfi
Assigned-to: jdstrand

Patches_libsndfile:
 upstream: r1610
 vendor: https://rhn.redhat.com/errata/RHSA-2011-1084.html
upstream_libsndfile: released (1.0.25-1)
hardy_libsndfile: ignored (reached end-of-life)
lucid_libsndfile: released (1.0.21-2ubuntu0.10.04.1)
maverick_libsndfile: released (1.0.21-2ubuntu0.10.10.1)
natty_libsndfile: released (1.0.23-1ubuntu0.1)
devel_libsndfile: released (1.0.24-1ubuntu1)