Date: Wed, 14 Jan 2009 10:08:00 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
Subject: CVE Request -- amarok

Hello Steve,

  multiple integer overflows (leading to heap-based overflows)
and unchecked allocation vulnerabilities have been reported
against Amarok multimedia player when parsing malformed
Audible digital audio files. Upstream has fixed
these in latest 2.0.1.l release.

References:   (Fix possible buffer overflows when parsing Audible .aa files.)

Proposed solution: Upgrade to latest upstream version

Affected Amarok version: amarok-1.4.10-1.fc9 <= x < latest upstream release

Attaching also diff for audibletag.cpp file between latest F10 (amarok-2.0-2.fc10)
and latest upstream release (see attachment).

Could you please allocate a new 2009 CVE id for it?

Thanks, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Content of type "text/x-patch" skipped
