FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsndfile -- CAF processing integer overflow vulnerability

Affected packages
libsndfile < 1.0.19


VuXML ID c5af0747-1262-11de-a964-0030843d3802
Discovery 2009-03-03
Entry 2009-03-16

Secunia reports:

The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file.


CVE Name CVE-2009-0186