Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2008-5824 | First vendor Publication | 2009-01-02 |
Vendor | Cve | Last vendor Modification | 2010-03-26 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5824
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12594 | |||
Oval ID: | oval:org.mitre.oval:def:12594 | ||
Title: | DSA-1972-2 audiofile -- buffer overflow | ||
Description: | This advisory adds the packages for the old stable distribution, with the exception of the mips packages. The updates for the mips architecture will be released when they become available. The packages for the stable distribution have been released in DSA-1972-1. For reference, the advisory text is provided below. Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service or possibly execution of arbitrary code via a crafted WAV file. For the old stable distribution, this problem has been fixed in version 0.2.6-6+etch1. For the stable distribution, this problem has been fixed in version 0.2.6-7+lenny1. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.2.6-7.1. We recommend that you upgrade your audiofile packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1972-2 CVE-2008-5824 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | audiofile |
Definition Id: oval:org.mitre.oval:def:12768 | |||
Oval ID: | oval:org.mitre.oval:def:12768 | ||
Title: | DSA-1972-1 audiofile -- buffer overflow | ||
Description: | Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service or possibly execution of arbitrary code via a crafted WAV file. For the old stable distribution, this problem will be fixed in version 0.2.6-6+etch1. The packages for the oldstable distribution are not included in this advisory. An update will be released soon. For the stable distribution, this problem has been fixed in version 0.2.6-7+lenny1. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.2.6-7.1. We recommend that you upgrade your audiofile packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1972-1 CVE-2008-5824 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | audiofile |
Definition Id: oval:org.mitre.oval:def:13447 | |||
Oval ID: | oval:org.mitre.oval:def:13447 | ||
Title: | USN-912-1 -- audiofile vulnerability | ||
Description: | It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-912-1 CVE-2008-5824 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | audiofile |
Definition Id: oval:org.mitre.oval:def:7004 | |||
Oval ID: | oval:org.mitre.oval:def:7004 | ||
Title: | DSA-1972 audiofile -- buffer overflow | ||
Description: | Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service or possibly execution of arbitrary code via a crafted WAV file. For the old stable distribution, this problem will be fixed in version 0.2.6-6+etch1. The packages for the oldstable distribution are not included in this advisory. An update will be released soon. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1972 CVE-2008-5824 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | audiofile |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-22 | Name : Ubuntu Update for audiofile vulnerability USN-912-1 File : nvt/gb_ubuntu_USN_912_1.nasl |
2009-10-13 | Name : SLES10: Security update for audiofile File : nvt/sles10_audiofile.nasl |
2009-10-10 | Name : SLES9: Security update for audiofile File : nvt/sles9p5041620.nasl |
2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51069 | Audio File Library libaudiofile/modules/msadpcm.c ms_adpcm_decode_block() Fun... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-03-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-912-1.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1972.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12342.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_audiofile-5948.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_audiofile-090121.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_audiofile-090204.nasl - Type : ACT_GATHER_INFO |
2009-01-28 | Name : The remote openSUSE host is missing a security update. File : suse_audiofile-5950.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:08:37 | |
2021-04-22 01:08:58 | |
2020-05-23 00:22:49 | |
2016-04-26 18:11:54 | |
2014-02-17 10:47:49 | |
2013-05-11 00:33:53 | |