CVE-2006-4089

Name of the Vulnerable Software and Affected Versions AlsaPlayer versions 0.99.76 and earlier

Description The issue is related to multiple buffer overflows that can be triggered by remote attackers, potentially causing a denial of service (application crash) or other unknown impacts. This can occur through various means, including a long Location field sent by a web server, which triggers an overflow in the reconnect function, a long URL sent by a web server when seeking a media file for the playlist, which triggers overflows in new list item and CbUpdated, and a long response sent by a CDDB server, which triggers an overflow in cddb lookup.

Recommendations For AlsaPlayer versions 0.99.76 and earlier, consider disabling the reconnect function in reader/http/http.c, the new list item and CbUpdated functions in interface/gtk/PlaylistWindow.cpp, and the cddb lookup function in input/ccda/cdda engine.c as a temporary workaround until a patch is available. Restrict access to the affected API endpoints, such as those related to web server interactions and CDDB server responses, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.