libsndfile: User-assisted execution of arbitrary code

Security Team Contact Address

Updated May 27, 2009

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200905-09 / libsndfile
Release Date	May 27, 2009
Latest Revision	May 27, 2009: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
media-libs/libsndfile	< 1.0.20	>= 1.0.20	All supported architectures

Related bugreports: #269863

Synopsis

Multiple heap-based buffer overflow vulnerabilities in libsndfile might allow remote attackers to execute arbitrary code.

2. Impact Information

Background

libsndfile is a C library for reading and writing files containing sampled sound.

Description

The following vulnerabilities have been found in libsndfile:

Tobias Klein reported that the header_read() function in src/common.c uses user input for calculating a buffer size, possibly leading to a heap-based buffer overflow (CVE-2009-1788).
The vendor reported a boundary error in the aiff_read_header() function in src/aiff.c, possibly leading to a heap-based buffer overflow (CVE-2009-1791).

Impact

A remote attacker could entice a user to open a specially crafted AIFF or VOC file in a program using libsndfile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All libsndfile users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.20"

4. References