From 21259574783d90386183004e177aa1f1856a6308 Mon Sep 17 00:00:00 2001 From: miwi Date: Sun, 23 Nov 2008 08:38:54 +0000 Subject: - Document streamripper -- multiple buffer overflows PR: based on 128999 --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 21be3fc8d2c2..d898cfaa51c4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + streamripper -- multiple buffer overflows + + + streamripper + 1.64.0 + + + + +

Secunia reports:

+
A boundary error exists within http_parse_sc_header() in lib/http.c + when parsing an overly long HTTP header starting with "Zwitterion v".
+
A boundary error exists within http_get_pls() in lib/http.c when + parsing a specially crafted pls playlist containing an overly long + entry.
+
A boundary error exists within http_get_m3u() in lib/http.c when + parsing a specially crafted m3u playlist containing an overly long + "File" entry.
+

+ + + + CVE-2008-4829 + http://secunia.com/secunia_research/2008-50/ + http://streamripper.cvs.sourceforge.net/viewvc/streamripper/sripper_1x/CHANGES?revision=1.196 + + + 2008-11-05 + 2008-11-23 + + + mantis -- session hijacking vulnerability -- cgit