FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

streamripper -- multiple buffer overflows

Affected packages
streamripper < 1.64.0

Details

VuXML ID 4d4caee0-b939-11dd-a578-0030843d3802
Discovery 2008-11-05
Entry 2008-11-23

Secunia reports:

A boundary error exists within http_parse_sc_header() in lib/http.c when parsing an overly long HTTP header starting with "Zwitterion v".

A boundary error exists within http_get_pls() in lib/http.c when parsing a specially crafted pls playlist containing an overly long entry.

A boundary error exists within http_get_m3u() in lib/http.c when parsing a specially crafted m3u playlist containing an overly long "File" entry.

References

CVE Name CVE-2008-4829
URL http://secunia.com/secunia_research/2008-50/
URL http://streamripper.cvs.sourceforge.net/viewvc/streamripper/sripper_1x/CHANGES?revision=1.196