FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

amarok -- multiple vulnerabilities

Affected packages
amarok < 1.4.10_3

Details

VuXML ID: 6bb6188c-17b2-11de-ae4d-0030843d3802
Discovery: 2009-01-12
Entry: 2009-03-23

Secunia reports:

Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system.

Two integer overflow errors exist within the "Audible::Tag::readTag()" function in src/metadata/audible/audibletag.cpp. These can be exploited to cause heap-based buffer overflows via specially crafted Audible Audio files.

Two errors within the "Audible::Tag::readTag()" function in src/metadata/audible/audibletag.cpp can be exploited to corrupt arbitrary memory via specially crafted Audible Audio files.

References

Bugtraq ID: 33210
CVE Name: CVE-2009-0135
CVE Name: CVE-2009-0136
URL: http://secunia.com/advisories/33505
URL: http://www.debian.org/security/2009/dsa-1706