January 16, 2010

Debian Security Advisory 1972 audiofile - buffer overflow

Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service (application crash) or possibly execution of arbitrary code via a crafted WAV file.

The old stable distribution (etch), this problem will be fixed in version 0.2.6-6+etch1.

The packages for the oldstable distribution are not included in this advisory. An update will be released soon...

Read More