Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-14] DUMB: Heap buffer overflow Vulnerability Scan
Vulnerability Scan Summary
DUMB: Heap buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-14 (DUMB: Heap buffer overflow).
Luigi Auriemma found a heap-based buffer overflow in the
it_read_envelope function which reads the envelope values for volume,
pan and pitch of the instruments referenced in a ".it" (Impulse
Tracker) file with a large number of nodes.
By enticing a user to load a malicious ".it" (Impulse Tracker) file, an
attacker may execute arbitrary code with the rights of the user running
the application that uses a vulnerable DUMB library.
There is no known workaround at this time.
All users of DUMB should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/dumb-0.9.3-r1"
Threat Level: Medium