Referenced CVEs:
CVE-2008-5824
Description:
=========================================================== Ubuntu Security Notice USN-912-1 March 16, 2010 audiofile vulnerability CVE-2008-5824 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libaudiofile0 0.2.6-6ubuntu1.1 Ubuntu 8.04 LTS: libaudiofile0 0.2.6-7ubuntu1.8.04.1 Ubuntu 8.10: libaudiofile0 0.2.6-7ubuntu1.8.10.1 Ubuntu 9.04: libaudiofile0 0.2.6-7ubuntu1.9.04.1 Ubuntu 9.10: libaudiofile0 0.2.6-7ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service.
More...