{ "affected": [ { "ecosystem_specific": { "urgency": "medium" }, "package": { "ecosystem": "Debian:11", "name": "alsaplayer" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.99.76-9" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "medium" }, "package": { "ecosystem": "Debian:12", "name": "alsaplayer" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.99.76-9" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "medium" }, "package": { "ecosystem": "Debian:13", "name": "alsaplayer" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.99.76-9" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "medium" }, "package": { "ecosystem": "Debian:14", "name": "alsaplayer" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.99.76-9" } ], "type": "ECOSYSTEM" } ] } ], "details": "Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.", "id": "DEBIAN-CVE-2006-4089", "modified": "2026-04-28T19:53:06.255878330Z", "published": "2006-08-11T10:04:00Z", "references": [ { "type": "ADVISORY", "url": "https://security-tracker.debian.org/tracker/CVE-2006-4089" } ], "upstream": [ "CVE-2006-4089" ] }