Vulnerability Details CVE-2008-5030
Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.065
EPSS Ranking 90.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
- http://secunia.com/advisories/32678
- http://secunia.com/advisories/34353
- http://security.gentoo.org/glsa/glsa-200903-31.xml
- http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
- http://www.debian.org/security/2008/dsa-1665
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:233
- http://www.openwall.com/lists/oss-security/2008/11/05/1
- http://www.openwall.com/lists/oss-security/2008/11/07/1
- http://www.openwall.com/lists/oss-security/2008/11/11/4
- http://www.openwall.com/lists/oss-security/2008/11/11/6
- http://www.securityfocus.com/bid/32122
- http://www.vupen.com/english/advisories/2008/3132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46392
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
- http://secunia.com/advisories/32678
- http://secunia.com/advisories/34353
- http://security.gentoo.org/glsa/glsa-200903-31.xml
- http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
- http://www.debian.org/security/2008/dsa-1665
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:233
- http://www.openwall.com/lists/oss-security/2008/11/05/1
- http://www.openwall.com/lists/oss-security/2008/11/07/1
- http://www.openwall.com/lists/oss-security/2008/11/11/4
- http://www.openwall.com/lists/oss-security/2008/11/11/6
- http://www.securityfocus.com/bid/32122
- http://www.vupen.com/english/advisories/2008/3132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46392