ports/132371: [vuxml] [patch] audio/libsndfile: update to 1.0.19 and fix CVE-2009-0186

Eygene Ryabinkin rea-fbsd at codelabs.ru
Fri Mar 6 12:00:18 PST 2009

>Number:         132371
>Category:       ports
>Synopsis:       [vuxml] [patch] audio/libsndfile: update to 1.0.19 and fix CVE-2009-0186
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 06 20:00:09 UTC 2009
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 7.1-STABLE amd64
Code Labs

System: FreeBSD 7.1-STABLE amd64


Secunia found integer overflow in CAF processing within libsndfile
1.0.18, [1].  This could lead to the arbitrary code execution with
the privileges of process that uses libsndfile to play/process the
crafted CAF file.


[1] http://secunia.com/advisories/33980/


The following patch updates the port to 1.0.19.  I had mildly tested
it and found no problems.

--- update-to-1.0.19.diff begins here ---
>From 4f01cb69c37a0df98d0c3c3e483121bb1d944d6b Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
Date: Fri, 6 Mar 2009 22:42:50 +0300

I had tested the new port version by using sndfile-convert to transform
standart .flac applaud00.flac to WAV and CAF files and transform back
from these two formats to FLAC.  Worked without troubles.

Signed-off-by: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
 audio/libsndfile/Makefile |    2 +-
 audio/libsndfile/distinfo |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/audio/libsndfile/Makefile b/audio/libsndfile/Makefile
index 67c3e59..0ec8ccb 100644
--- a/audio/libsndfile/Makefile
+++ b/audio/libsndfile/Makefile
@@ -6,7 +6,7 @@
 PORTNAME=	libsndfile
 MASTER_SITES=	http://www.mega-nerd.com/libsndfile/
diff --git a/audio/libsndfile/distinfo b/audio/libsndfile/distinfo
index e5f689a..5e9e5a5 100644
--- a/audio/libsndfile/distinfo
+++ b/audio/libsndfile/distinfo
@@ -1,3 +1,3 @@
-MD5 (libsndfile-1.0.18.tar.gz) = 9fde6efb1b75ef38398acf856f252416
-SHA256 (libsndfile-1.0.18.tar.gz) = c0821534a8510982d26b3085b148d9091dede53780733515eb49c99a65da293a
-SIZE (libsndfile-1.0.18.tar.gz) = 923666
+MD5 (libsndfile-1.0.19.tar.gz) = 8fa24b0c0a8758543427c9741ea06924
+SHA256 (libsndfile-1.0.19.tar.gz) = 4b567a02e15bcae25fa1aeb3361b4e2cb8b2ce08e9b53faa81f77a34fb2b5419
+SIZE (libsndfile-1.0.19.tar.gz) = 924368
--- update-to-1.0.19.diff ends here ---

The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
  <vuln vid="ed39c2f3-0a82-11de-9a16-001fc66e7203">
    <topic>libsndfile -- integer overflow vulnerability in CAF processor</topic>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Secunia reports:</p>
          <p>Secunia Research has discovered a vulnerability in
          libsndfile, which can be exploited by malicious people to
          compromise an application using the library.</p>
          <p>The vulnerability is caused due to an integer overflow
          error in the processing of CAF description chunks. This can be
          exploited to cause a heap-based buffer overflow by tricking
          the user into processing a specially crafted CAF audio
          <p>Successful exploitation may allow execution of arbitrary
--- vuln.xml ends here ---

More information about the freebsd-multimedia mailing list