Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-0136

Published: 16/01/2009 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Amarok

Vulnerability Summary

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 up to and including 2.0.1 allow remote malicious users to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.

Vulnerable Product Search on Vulmon Subscribe to Product

amarok amarok 2.0

amarok amarok 1.4.10

amarok amarok 2.0.1

Vendor Advisories

Ubuntu Security Notice: amarok vulnerabilities
It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio (aa) files If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program ...

References

CWE-189https://bugzilla.redhat.com/show_bug.cgi?id=479560http://websvn.kde.org/?view=rev&revision=908391https://bugzilla.redhat.com/show_bug.cgi?id=479946http://www.securitytracker.com/id?1021558http://openwall.com/lists/oss-security/2009/01/14/2http://secunia.com/advisories/33505http://websvn.kde.org/?view=rev&revision=908401http://amarok.kde.org/en/releases/2.0.1.1http://trapkit.de/advisories/TKADV2009-002.txthttp://websvn.kde.org/?view=rev&revision=908415http://bugs.gentoo.org/show_bug.cgi?id=254896http://www.securityfocus.com/bid/33210http://secunia.com/advisories/33522http://www.debian.org/security/2009/dsa-1706http://securityreason.com/securityalert/4915http://www.mandriva.com/security/advisories?name=MDVSA-2009:030http://secunia.com/advisories/33640https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlhttp://secunia.com/advisories/33819http://secunia.com/advisories/34315http://www.ubuntu.com/usn/USN-739-1http://security.gentoo.org/glsa/glsa-200903-34.xmlhttp://secunia.com/advisories/34407http://www.vupen.com/english/advisories/2009/0100http://www.securityfocus.com/archive/1/499984/100/0/threadedhttps://usn.ubuntu.com/739-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook