CVE-2008-5030

libcaudio 0.99.12p2 - Remote Code Execution via Long CDDB Data

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

References (14)

Core 14
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46392
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32678
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3132
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34353
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/11/6
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:233
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32122
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200903-31.xml
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/07/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/11/4
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/05/1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1665

Scores

EPSS 0.0493
EPSS Percentile 91.2%

Details

CWE
CWE-119
Status published
Products (1)
libcaudio/libcaudio 0.99.12p2
Published Nov 10, 2008
Tracked Since Feb 18, 2026