{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-30T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-10T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33273", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33273"}, {"name": "SUSE-SR:2009:003", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"}, {"name": "ADV-2009-0005", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0005"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://musicpd.org/mantis/view.php?id=1915"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"}, {"name": "33066", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33066"}, {"name": "USN-912-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-912-1"}, {"name": "[oss-security] 20081230 CVE id request: audiofile", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2008/12/30/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5824", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33273"}, {"name": "SUSE-SR:2009:003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"}, {"name": "ADV-2009-0005", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0005"}, {"name": "http://musicpd.org/mantis/view.php?id=1915", "refsource": "CONFIRM", "url": "http://musicpd.org/mantis/view.php?id=1915"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"}, {"name": "33066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33066"}, {"name": "USN-912-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-912-1"}, {"name": "[oss-security] 20081230 CVE id request: audiofile", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2008/12/30/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.793Z"}, "title": "CVE Program Container", "references": [{"name": "33273", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33273"}, {"name": "SUSE-SR:2009:003", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"}, {"name": "ADV-2009-0005", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0005"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://musicpd.org/mantis/view.php?id=1915"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"}, {"name": "33066", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33066"}, {"name": "USN-912-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-912-1"}, {"name": "[oss-security] 20081230 CVE id request: audiofile", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2008/12/30/1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5824", "datePublished": "2009-01-02T19:00:00", "dateReserved": "2009-01-02T00:00:00", "dateUpdated": "2024-08-07T11:04:44.793Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:68k:audiofile:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A0D079F6-8921-41AF-BCAF-EF7125874758", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en msadpcm.c de libaudiofile del software audiofile 0.2.6, permite a atacantes, dependiendo del contexto, provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero .WAV modificado."}], "id": "CVE-2008-5824", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-02T19:30:01.780", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://musicpd.org/mantis/view.php?id=1915"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2008/12/30/1"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33273"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33066"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-912-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://musicpd.org/mantis/view.php?id=1915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2008/12/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-912-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0005"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=479966\n\nThe Red Hat Security Response Team has rated this issue as having low\nsecurity impact, a future update may address this flaw. More\ninformation regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/", "lastModified": "2009-02-11T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "audiofile: heap-based overflow in Microsoft ADPCM compression module (app crash, arb. code execution)", "id": "479966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479966"}, "csaw": false, "cvss": {"cvss_base_score": "3.7", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file."], "name": "CVE-2008-5824", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "audiofile", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "audiofile", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "audiofile", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2008-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-5824\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-5824"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}