CVE-2009-0135 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2009-0135
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-0135

Description: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/USN-739-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html ST 1021558 SREASON http://securityreason.com/securityalert/4915 SAID Secunia Advisory: SA33819 Secunia Advisory: SA33640 Secunia Advisory: SA33522 Secunia Advisory: SA34315 Secunia Advisory: SA34407 Secunia Advisory: SA33505 MLIST http://openwall.com/lists/oss-security/2009/01/14/2 MISC http://trapkit.de/advisories/TKADV2009-002.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:030 GENTOO http://security.gentoo.org/glsa/glsa-200903-34.xml FEDORA DEBIAN http://www.debian.org/security/2009/dsa-1706 CONFIRM http://amarok.kde.org/en/releases/2.0.1.1 http://bugs.gentoo.org/show_bug.cgi?id=254896 http://websvn.kde.org/?view=rev&revision=908391 http://websvn.kde.org/?view=rev&revision=908415 http://websvn.kde.org/?view=rev&revision=908401 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/499984/100/0/threaded BID 33210

Return to the previous page.