|
|
Subscribe / Log in / New account

tcl-snack: code execution

Package(s):tcl-snack CVE #(s):CVE-2012-6303
Created:January 14, 2013 Updated:February 26, 2015
Description: From the Secunia Advisory:

Two vulnerabilities have been discovered in Snack Sound Toolkit, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to missing boundary checks in the "GetWavHeader()" function (generic/jkSoundFile.c) when parsing either format sub-chunks or unknown sub-chunks. This can be exploited to cause a heap-based buffer overflow via specially crafted WAV files with overly large chunk sizes specified.

Successful exploitation may allow execution of arbitrary code.

Alerts:
openSUSE openSUSE-SU-2015:0382-1 snack 2015-02-26
Gentoo 201309-04 snack 2013-09-11
Mandriva MDVSA-2013:126 snack 2013-04-10
Mageia MGASA-2013-0017 snack 2013-01-24
Fedora FEDORA-2013-0110 tcl-snack 2013-01-12
Fedora FEDORA-2013-0098 tcl-snack 2013-01-12
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds