CVE-2006-3600

Properties

Published: 17.07.2006
Updated: 26.02.2008
Patch available:
Severity: Medium
CVSS vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Product: libtunepimp: libtunepimp

Vulnerability description

Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings.

References:

http://bugs.musicbrainz.org/ticket/1764
UBUNTU: http://www.ubuntu.com/usn/usn-318-1
BID: http://www.securityfocus.com/bid/18961
SECUNIA: http://secunia.com/advisories/21026
SECUNIA: http://secunia.com/advisories/21027
FRSIRT: http://www.frsirt.com/english/advisories/2006/2785
XF: http://xforce.iss.net/xforce/xfdb/27728
SECTRACK: http://securitytracker.com/id?1016539
MANDRIVA: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:126
SECUNIA: http://secunia.com/advisories/21106
GENTOO: http://security.gentoo.org/glsa/glsa-200607-11.xml
DEBIAN: http://www.debian.org/security/2006/dsa-1135
SECUNIA: http://secunia.com/advisories/21277
SECUNIA: http://secunia.com/advisories/21323
OSVDB: http://www.osvdb.org/27094
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2006:126