Package: libcdaudio
Severity: grave
Tags: security patch
Justification: user security hole
CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that can potentially be exploited to execute arbitrary code. libcdaudio contains the vulnerable code as well. Attached you can find a patch for libcdaudio with the patch used for grip.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
diff -Naur libcdaudio-0.99.9.orig/source/cddb.c libcdaudio-0.99.9/source/cddb.c --- libcdaudio-0.99.9.orig/source/cddb.c 2003-02-12 18:55:25.000000000 +0100 +++ libcdaudio-0.99.9/source/cddb.c 2005-04-15 16:28:16.000000000 +0200 @@ -1007,7 +1007,7 @@ } query->query_matches = 0; - while(!cddb_read_line(sock, inbuffer, 256)) { + while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) { slashed = 0; if(strchr(inbuffer, '/') != NULL && parse_disc_artist) { index = 0;
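Review bot: the new loop condition in the @@ -1007 hunk stops reading once query->query_matches reaches MAX_INEXACT_MATCHES, which closes the overflow, but when the cap is hit the loop exits with the rest of the server's response still unread on sock and the truncation is silent to the caller. Unless the code after the loop already drains the remaining lines, consider continuing to read (and discard) them so later reads on the same connection are not fed leftover response lines, and add a one-line comment above the while (e.g. "/* bound matches to MAX_INEXACT_MATCHES, CAN-2005-0706 */") so the reason for the extra condition survives future edits.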