Debian DSA-1814-1 : libsndfile - heap-based buffer overflow

high Nessus Plugin ID 39374

Synopsis

The remote Debian host is missing a security-related update.

Description

Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. The Common Vulnerabilities and Exposures project identified the following problems:

- CVE-2009-1788: Tobias Klein discovered that the VOC parsing routines suffer from a heap-based buffer overflow, which can be triggered by an attacker via a crafted VOC header.

- CVE-2009-1791: The vendor discovered that the AIFF parsing routines suffer from a heap-based buffer overflow similar to CVE-2009-1788, which can be triggered by an attacker via a crafted AIFF header.

In both cases the overflowing data is not completely attacker-controlled, but it still leads to application crashes or, under some circumstances, might lead to arbitrary code execution.

Solution

Upgrade the libsndfile packages.

For the oldstable distribution (etch), this problem has been fixed in version 1.0.16-2+etch2.

For the stable distribution (lenny), this problem has been fixed in version 1.0.17-4+lenny2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528650

https://security-tracker.debian.org/tracker/CVE-2009-1788

https://security-tracker.debian.org/tracker/CVE-2009-1791

https://www.debian.org/security/2009/dsa-1814

Plugin Details

Severity: High

ID: 39374

File Name: debian_DSA-1814.nasl

Version: 1.11

Type: local

Agent: unix

Published: 6/15/2009

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libsndfile, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/13/2009

Reference Information

CVE: CVE-2009-1788, CVE-2009-1791

BID: 34978

CWE: 119

DSA: 1814