Vulnerability Description
Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mega-Nerd | Secret Rabbit Code | <= 0.1.3 |
Related Weaknesses (CWE)
References
- http://security.gentoo.org/glsa/glsa-200812-05.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:238
- http://www.mega-nerd.com/SRC/ChangeLog
- http://www.openwall.com/lists/oss-security/2008/11/03/6
- http://www.securityfocus.com/bid/32090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46542
- http://security.gentoo.org/glsa/glsa-200812-05.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:238
- http://www.mega-nerd.com/SRC/ChangeLog
- http://www.openwall.com/lists/oss-security/2008/11/03/6
- http://www.securityfocus.com/bid/32090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46542
FAQ
What is CVE-2008-5008?
CVE-2008-5008 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact...
How severe is CVE-2008-5008?
CVE-2008-5008 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5008?
Check the references section above for vendor advisories and patch information. Affected products include: Mega-Nerd Secret Rabbit Code.