Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
From: "Steven M. Christey" <>
Subject: Re: CVE request: libcdaudio

On Wed, 5 Nov 2008, Thomas Biege wrote:

> Hello,
> we need a CVE-ID for a buffer overflow in libcdaudio.
> It is a remotely exploitable heap-based buffer overflow.

Out of curiosity, what makes it remote?

Use CVE-2008-5030

- Steve

Name: CVE-2008-5030
Status: Candidate
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:
Reference: MISC:
Reference: BID:32122
Reference: URL:

Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.
