CVE-2008-5030

Name of the Vulnerable Software and Affected Versions libcdaudio versions prior to 0.99.12-r1 libcdaudio-dev versions (affected versions not specified)

Description The issue involves multiple vulnerabilities in the libcdaudio package that can lead to breaches in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a heap-based buffer overflow in the cddb read disc data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

Recommendations For versions prior to 0.99.12-r1, update to version 0.99.12-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cddb read disc data function in cddb.c until a patch is available. Avoid using long CDDB data in the affected API endpoint until the issue is resolved. At the moment, there is no information about additional mitigation measures for libcdaudio-dev.