1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200812-05 / libsamplerate |
| Release Date | December 02, 2008 |
| Latest Revision | December 02, 2008: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-libs/libsamplerate | < 0.1.4 | >= 0.1.4 | All supported architectures |
Related bugreports: #237037
A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code.
Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio.
Russell O'Connor reported a buffer overflow in src/src_sinc.c related to low conversion ratios.
A remote attacker could entice a user or automated system to process a specially crafted audio file possibly leading to the execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All libsamplerate users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libsamplerate-0.1.4" |