PT-2009-6719 · Debian · Libaudiofile0+3
Nico Golde · Published 1970-01-01 · Updated 2010-03-26 · CVE-2008-5824
CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libaudiofile0 versions 0.2.6 and earlier
libaudiofile0-dbg versions 0.2.6 and earlier
libaudiofile0-dev versions 0.2.6 and earlier
Description
The issue covers multiple vulnerabilities in the libaudiofile0 package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. One of them is a heap-based buffer overflow in the msadpcm.c file of the libaudiofile library, which allows a local attacker to cause a denial of service or possibly execute arbitrary code using a specially crafted WAV file.
Recommendations
For libaudiofile0 version 0.2.6 and earlier, consider disabling the use of the msadpcm.c file until a patch is available.
For libaudiofile0-dbg version 0.2.6 and earlier, restrict access to the vulnerable module to minimize the risk of exploitation.
For libaudiofile0-dev version 0.2.6 and earlier, avoid using the vulnerable library until the issue is resolved.
As a temporary workaround, consider restricting the use of WAV files in the affected applications until the issue is resolved.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Libaudiofile0
Libaudiofile0-Dbg
Libaudiofile0-Dev