Patch stops integer overflow in libsnd packages
Written by Rebecca Mints   
Tuesday, 17 March 2009 00:44

Security specialist Debian today released its Bugtraq advisory on the integer overflow vulnerability in libsndfile.

It reported that the flaws, which affect all versions of the libsnd packages, can be fixed through updates now available on the Debian website at www.debian.org/pools/updates.

Alan Rad Pop of the Debian security organization recently discovered that libsndfile is prone to an integer overflow. The library is used to read and write sampled audio data.

Debian noted that the vulnerability causes a heap-based buffer overflow when processing crafted CAF description chunks.

“This could possibly lead to arbitrary code execution,” it added.
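The bug class described above, integer arithmetic on attacker-supplied chunk fields wrapping around and producing an undersized heap buffer, can be shown with a short added example; this is not libsndfile's code. The 32-byte field layout follows Apple's published CAF audio description chunk, while the sizing formula, the `MAX_CHANNELS` limit, the sample bytes and all function names are assumptions made for illustration, since the article does not say which field overflowed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The two CAF 'desc' chunk fields this example uses for buffer sizing. */
typedef struct { uint32_t channels_per_frame, bits_per_channel; } caf_desc;

/* Constructed sample chunk bodies: stereo 16-bit, and a huge channel count. */
static const uint8_t SAMPLE_OK[32]  = {[27] = 2, [31] = 16};
static const uint8_t SAMPLE_BAD[32] = {[24] = 0x40, [27] = 0x01, [31] = 32};

/* CAF stores integers big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Body layout: Float64 sample rate, then six UInt32 fields (32 bytes). */
int caf_parse_desc(const uint8_t *body, size_t len, caf_desc *out) {
    if (len < 32) return -1;              /* truncated chunk */
    out->channels_per_frame = be32(body + 24);
    out->bits_per_channel   = be32(body + 28);
    return 0;
}

/* Unsafe pattern: the 32-bit product wraps, so a buffer sized from it is too small. */
uint32_t buffer_bytes_unchecked(const caf_desc *d, uint32_t frames) {
    return d->channels_per_frame * (d->bits_per_channel / 8) * frames;
}

/* Hardened: bound each field first, then check the remaining multiply. */
#define MAX_CHANNELS 256u                 /* assumed policy limit */
int buffer_bytes_checked(const caf_desc *d, uint32_t frames, size_t *out) {
    uint32_t sample = d->bits_per_channel / 8;
    if (d->channels_per_frame == 0 || d->channels_per_frame > MAX_CHANNELS) return -1;
    if (d->bits_per_channel % 8 || sample == 0 || sample > 8) return -1;
    size_t per_frame = (size_t)d->channels_per_frame * sample;   /* at most 2048 */
    if (frames != 0 && per_frame > SIZE_MAX / frames) return -1;
    *out = per_frame * frames;
    return 0;
}

int main(void) {
    caf_desc d; size_t n = 0;
    caf_parse_desc(SAMPLE_BAD, sizeof SAMPLE_BAD, &d);
    printf("unchecked=%u checked_rc=%d\n",
           (unsigned)buffer_bytes_unchecked(&d, 1), buffer_bytes_checked(&d, 1, &n));
    return 0;
}
```

With the constructed oversized channel count, the unchecked size wraps to a few bytes while the checked version rejects the chunk before any allocation happens.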

Users who frequently rely on libsndfile to read audio data are advised to upgrade.

Stable and oldstable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

 
