Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-4829

Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.

Related bugs and status

CVE-2008-4829 (Candidate) is related to these bugs:

Bug #309370: CVE-2008-4829: streamripper - fix buffer overflow in all releases

Summary				In	Importance	Status
	309370	CVE-2008-4829: streamripper - fix buffer overflow in all releases		streamripper (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
BID: 32356
OSVDB: 49997
SECUNIA: 32562
DEBIAN: DSA-1683
SECUNIA: 33052
SREASON: 4647
SECUNIA: 33061
VUPEN: ADV-2008-3207
BUGTRAQ: 20081119 Secunia Resea...