Bug#514138: audacity: buffer overflow

Steffen Joeris steffen.joeris at skolelinux.de
Wed Feb 4 17:35:15 UTC 2009


Package: audacity
Version: 1.3.5-2
Severity: grave
Tags: security
Justification: user security hole

There is a buffer overflow in audacity apparently affecting the etch
and lenny versions. You can find a reproducer here[0].
However, I just took a random .gro file and when importing it under
Projects with import midi (I tested under etch), it produced a buffer
overflow. More information can be found here[1] or in the Gentoo
bug report[2]. I'll post the CVE id here once it has been assigned.
Please check with upstream whether they are aware of the issue and
working on a patch.

Cheers
Steffen

[0]: http://www.milw0rm.com/exploits/7634
[1]: http://secunia.com/advisories/33356/
[2]: https://bugs.gentoo.org/show_bug.cgi?id=253493

More information about the pkg-multimedia-maintainers mailing list