GLSA-200607-13 : Audacious: Multiple heap and buffer overflows

Medium Nessus Plugin ID 22142


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200607-13 (Audacious: Multiple heap and buffer overflows)

Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows.

Impact :

An attacker can entice a user to load a specially crafted media file, resulting in a crash or possible execution of arbitrary code.

Workaround :

There is no known workaround at this time.


All Audacious users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-sound/audacious-1.1.0'

Plugin Details

Severity: Medium

ID: 22142

File Name: gentoo_GLSA-200607-13.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2006/08/04

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:audacious, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2006/07/29

Vulnerability Publication Date: 2006/07/06

Reference Information

CVE: CVE-2006-3581, CVE-2006-3582

OSVDB: 27042, 27043, 27044, 27045, 27046, 27047

GLSA: 200607-13