FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsndfile -- CAF processing integer overflow vulnerability

Affected packages
libsndfile < 1.0.19

Details

VuXML ID c5af0747-1262-11de-a964-0030843d3802
Discovery 2009-03-03
Entry 2009-03-16

Secunia reports:

The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file.

References

CVE Name CVE-2009-0186
URL http://secunia.com/advisories/33980/