Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service (application crash) or possibly execution of arbitrary code via a crafted WAV file.
The old stable distribution (etch), this problem will be fixed in version 0.2.6-6+etch1.
The packages for the oldstable distribution are not included in this advisory. An update will be released soon…
