Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a fmt wave chunk.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bladeenc | Bladeenc | 0.92.7 (including) | 0.92.7 (including) |
| Bladeenc | Bladeenc | 0.93.10 (including) | 0.93.10 (including) |
| Bladeenc | Bladeenc | 0.94.0 (including) | 0.94.0 (including) |
| Bladeenc | Bladeenc | 0.94.1 (including) | 0.94.1 (including) |
| Bladeenc | Bladeenc | 0.94.2 (including) | 0.94.2 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=104428700106672\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=104446346127432\u0026w=2
- http://www.iss.net/security_center/static/11227.php
- http://www.pivx.com/luigi/adv/blade942-adv.txt
- http://www.securityfocus.com/bid/6745
- http://marc.info/?l=bugtraq\u0026m=104428700106672\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=104446346127432\u0026w=2
- http://www.iss.net/security_center/static/11227.php
- http://www.pivx.com/luigi/adv/blade942-adv.txt
- http://www.securityfocus.com/bid/6745