CVE-2008-5824

Publication date 2 January 2009

Last updated 24 July 2024

Ubuntu priority

Description

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
audiofile	9.10 karmic	Fixed 0.2.6-7ubuntu2.1
	9.04 jaunty	Fixed 0.2.6-7ubuntu1.9.04.1
	8.10 intrepid	Fixed 0.2.6-7ubuntu1.8.10.1
	8.04 LTS hardy	Fixed 0.2.6-7ubuntu1.8.04.1
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 0.2.6-6ubuntu1.1
normalize-audio	9.10 karmic	Fixed 0.7.7-4ubuntu0.1
	9.04 jaunty	Fixed 0.7.7-2ubuntu0.9.04.1
	8.10 intrepid	Fixed 0.7.7-2ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 0.7.7-2ubuntu0.8.04.1
	6.06 LTS dapper	Fixed 0.7.6-7ubuntu0.1

Notes

mdeslaur

PoC: http://filebin.ca/meqmyu/max_theme.wav

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
audiofile	Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=59;filename=22_CVE-2008-5824.dpatch;att=1;bug=510205

CVE-2008-5824

Description

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references