CVE-2008-5824

Published: 02/01/2009 Updated: 26/03/2010
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.

Vulnerable Product

68k audiofile 0.2.6

Vendor Advisories

Debian Bug report logs - #510205: buffer overflow in libaudiofile. Package: libaudiofile0; Maintainer for libaudiofile0 is (unknown); Reported by: Max Kellermann <max@duempel.org>; Date: Tue, 30 Dec 2008 13:30:02 UTC; Severity: grave; Tags: etch, lenny, patch, security; Found in version audiofile/0.2.6-6; Fixed in versions audio ...
It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduc ...
Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service (application crash) or possibly execution of arbitrary code via a crafted WAV file. For the old stable distribution (etch), this problem will be fixed in version 0.2.6-6+etch1. The packages for the old ...

Exploits

source: www.securityfocus.com/bid/33066/info. Audio File Library ('libaudiofile') is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploi ...