Bugzilla – Bug 631379
VUL-1: libsndfile: divide-by-zero
Last modified: 2016-04-15 12:58:45 UTC
Hi.
There is a security bug in package 'libsndfile'.
This bug is public.
There is no coordinated release date (CRD) set.

CVE number: CVE-2009-4835
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4835

Original posting:

---------- Forwarded message ----------
Subject: [Full-disclosure] [ MDVSA-2010:150 ] libsndfile
Date: Saturday, August 14, 2010, 19:28:01
From: security@mandriva.com
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:150
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libsndfile
Date    : August 14, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in libsndfile:

The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file (CVE-2009-4835).

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4835
_______________________________________________________________________
..
The SWAMPID for this issue is 42235.
This issue was rated as moderate.
Please submit fixed packages by 2011-08-01.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by the security team.
This is an autogenerated message for OBS integration: This bug (631379) was mentioned in https://build.opensuse.org/request/show/76432 11.3 / libsndfile
Update released for: libsndfile, libsndfile-debuginfo, libsndfile-debugsource, libsndfile-devel
Products:
openSUSE 11.3 (debug, i586, x86_64)
released
Update released for: libsndfile, libsndfile-32bit, libsndfile-debuginfo, libsndfile-debuginfo-32bit, libsndfile-debuginfo-x86, libsndfile-debugsource, libsndfile-devel, libsndfile-octave, libsndfile-progs, libsndfile-progs-debuginfo, libsndfile-progs-debugsource, libsndfile-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: libsndfile, libsndfile-32bit, libsndfile-64bit, libsndfile-debuginfo, libsndfile-devel, libsndfile-octave, libsndfile-progs, libsndfile-x86
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
This is an autogenerated message for OBS integration: This bug (631379) was mentioned in https://build.opensuse.org/request/show/78424 Evergreen:11.2 / libsndfile