CVE-2010-3349

Name of the Vulnerable Software and Affected Versions Ardour version 2.8.11

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to Ardour placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For Ardour version 2.8.11, consider restricting access to the LD LIBRARY PATH environment variable to prevent malicious library loading until a patch is available. As a temporary workaround, avoid using Ardour in untrusted environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.