FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5030

This CVE name corresponds to:

Entered: 2009-01-11
Topic: libcdaudio -- remote buffer overflow and code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-5030
Phase: Assigned (20081110)

Description

Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

References

Source Reference
MLIST [oss-security] 20081105 CVE request: libcdaudio
MLIST [oss-security] 20081107 Re: CVE request: libcdaudio
MLIST [oss-security] 20081111 Re: CVE request: libcdaudio
MLIST [oss-security] 20081111 Re: CVE request: libcdaudio
MISC http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
DEBIAN DSA-1665
GENTOO GLSA-200903-31
MANDRIVA MDVSA-2008:233
SUSE SUSE-SR:2008:024
BID 32122
SECUNIA 34353
VUPEN ADV-2008-3132
SECUNIA 32678
XF libcdaudio-cddb-bo(46392)