Luigi Auriemma has discovered a vulnerability in foobar2000, which can be exploited by malicious people to compromise a user's system
You need to log in to the Secunia Community to view the full description of this advisory
If you are not a member of the Secunia community, you can sign up here for free.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Score: 0 Posts: 2 User Since: 4th Jul 2011 System Score: N/A Location: RO Last edited on 5th Jul, 2011 02:40
Peter Pawlowski (foobar2000 developer) clarification:
"Not Our Bug:
While the buffer size calculation part may produce incorrect results on malformed files, foobar2000 itself will never write outside allocated memory, and will also correctly tell the ACM codec what buffer size it has allocated - see ACMSTREAMHEADER::cbDstLength.
This may lead to a buffer overrun only in case of a buggy codec present on the system that writes past the output buffer size as specified by the application.
Either way this will be worked-around with the next update (as a part of broken codec workarounds), thanks for posting this."