Date: Mon, 9 Feb 2009 19:25:33 -0500 (EST)
From: "Steven M. Christey" <>
Subject: Re: CVE request: Audacity <1.3.6 Buffer overflow

Name: CVE-2009-0490
Status: Candidate
Reference: MILW0RM:7634
Reference: URL:
Reference: MLIST:[audacity-devel] 20090110 Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow
Reference: URL:
Reference: CONFIRM:
Reference: BID:33090
Reference: URL:
Reference: FRSIRT:ADV-2009-0008
Reference: URL:
Reference: OSVDB:51070
Reference: URL:
Reference: SECUNIA:33356
Reference: URL:

Stack-based buffer overflow in the String_parse::get_nonspace_quoted
function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
versions before 1.3.6 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a .gro file
containing a long string.
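
As an added illustration of the bug class named in this CVE entry (not Audacity's code and not part of the original message), here is a bounded quoted-token reader in C++. The function name, signature and token grammar are assumptions; the point is that the destination size is passed in, overlong tokens are consumed but truncated, and the caller is told so.

```cpp
#include <cctype>
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical bounded reader (assumed grammar): a token is a run of
// non-space characters or a double-quoted string; backslash escapes one char.
// Writes at most cap-1 bytes plus a NUL; returns false if the token was cut.
bool get_nonspace_quoted_bounded(const std::string &line, std::size_t &pos,
                                 char *field, std::size_t cap)
{
    if (cap == 0) return false;
    std::size_t out = 0;
    bool fits = true;
    auto put = [&](char c) {
        if (out + 1 < cap) field[out++] = c;  // always keep room for the NUL
        else fits = false;                    // drop excess, never write past the end
    };
    auto is_space = [&](std::size_t i) {
        return std::isspace(static_cast<unsigned char>(line[i])) != 0;
    };
    while (pos < line.size() && is_space(pos)) ++pos;
    bool quoted = pos < line.size() && line[pos] == '"';
    if (quoted) { put('"'); ++pos; }
    while (pos < line.size() && (quoted || !is_space(pos))) {
        char c = line[pos];
        if (c == '"') {
            if (quoted) { put('"'); ++pos; }
            break;
        }
        if (c == '\\') {
            if (++pos >= line.size()) break;  // trailing backslash: stop cleanly
            c = line[pos];
        }
        put(c);
        ++pos;
    }
    field[out] = '\0';
    return fits;  // pos is past the whole token even when truncated
}

// Constructed input: a 4096-character quoted string read into a 16-byte field.
bool demo_long_token_is_rejected()
{
    char field[16];
    std::string line = "\"" + std::string(4096, 'A') + "\" next";
    std::size_t pos = 0;
    bool ok = get_nonspace_quoted_bounded(line, pos, field, sizeof field);
    return !ok && std::strlen(field) == 15 && line.compare(pos, 5, " next") == 0;
}

int main() { return demo_long_token_is_rejected() ? 0 : 1; }
```

A caller should treat a `false` return as a parse error for the file rather than continue with the truncated field.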
