Amarok Player Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with Amarok Player for Linux and is prone to Multiple Vulnerabilities.

Impact

Successful exploitation will allow attacker to execute malicious arbitrary codes or can cause heap overflow in the context of the application.

Solution

Upgrade to the latest version 2.0.1.1 http://amarok.kde.org

Insight

Multiple flaws are due to integer overflow errors within the Audible::Tag::readTag function in src/metadata/audible/audibletag.cpp. This can be exploited via specially crafted Audible Audio files with a large nlen or vlen Tag value.

Affected

Amarok Player version prior to 2.0.1.1 on Linux

References

http://amarok.kde.org/de/node/600
http://secunia.com/Advisories/33505
http://trapkit.de/advisories/TKADV2009-002.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0135, CVE-2009-0136
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Asterisk HTTP Manager Buffer Overflow Vulnerability
Audacity Buffer Overflow Vulnerability (Linux)
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
Adobe Flash Player Buffer Overflow Vulnerability (Windows)

Take action and discover your vulnerabilities