CVE-2008-5008

Name: CVE-2008-5008
Description: Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libsamplerate (PTS) | buster | 0.1.9-2 | fixed |
| | bullseye | 0.2.1+ds0-1 | fixed |
| | bookworm | 0.2.2-3 | fixed |
| | sid, trixie | 0.2.2-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libsamplerate | source | (unstable) | 0.1.4-1 | low | | |

Notes

[etch] - libsamplerate <no-dsa> (Minor issue)
