FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsndfile -- multiple vulnerabilities

Affected packages
libsndfile < 1.0.20

Details

VuXML ID: 6355efdb-4d4d-11de-8811-0030843d3802
Discovery: 2009-05-15
Entry: 2009-05-30

Secunia reports:

Two vulnerabilities have been reported in libsndfile, which can be exploited by malicious people to compromise an application using the library.

A boundary error exists within the "voc_read_header()" function in src/voc.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted VOC file.

A boundary error exists within the "aiff_read_header()" function in src/aiff.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted AIFF file.

References

CVE Name: CVE-2009-1788
CVE Name: CVE-2009-1791
URL: http://secunia.com/advisories/35076/
URL: http://www.trapkit.de/advisories/TKADV2009-006.txt