Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www.osvdb.org/49997 | vdb entry |
| http://secunia.com/advisories/32562 | third party advisory vendor advisory |
| http://www.vupen.com/english/advisories/2008/3207 | vdb entry |
| http://secunia.com/advisories/33052 | third party advisory |
| http://www.securityfocus.com/archive/1/498486/100/0/threaded | mailing list |
| http://www.debian.org/security/2008/dsa-1683 | vendor advisory |
| http://secunia.com/secunia_research/2008-50/ | |
| http://secunia.com/advisories/33061 | third party advisory |
| http://www.securityfocus.com/bid/32356 | vdb entry |
| http://securityreason.com/securityalert/4647 | third party advisory |