FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libcdaudio -- remote buffer overflow and code execution

Affected packages
libcdaudio < 0.99.12p2_2


VuXML ID bd730827-dfe0-11dd-a765-0030843d3802
Discovery 2008-11-05
Entry 2009-01-11

securityfocus reports:

The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions.

A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.

To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.


Bugtraq ID 12770
Bugtraq ID 32122
CVE Name CVE-2005-0706
CVE Name CVE-2008-5030