CVE-2009-0186

Published: 05/03/2009 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent malicious users to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Vulnerable Product

nullsoft winamp 5.541

nullsoft winamp 5.55

mega-nerd libsndfile 1.0.14

mega-nerd libsndfile 1.0.13

mega-nerd libsndfile 1.0.12

mega-nerd libsndfile 1.0.5

mega-nerd libsndfile 1.0.4

mega-nerd libsndfile 0.0.28

mega-nerd libsndfile 0.0.8

mega-nerd libsndfile 1.0.11

mega-nerd libsndfile 1.0.10

mega-nerd libsndfile 1.0.3

mega-nerd libsndfile 1.0.2

mega-nerd libsndfile

mega-nerd libsndfile 1.0.17

mega-nerd libsndfile 1.0.9

mega-nerd libsndfile 1.0.8

mega-nerd libsndfile 1.0.1

mega-nerd libsndfile 1.0.0

mega-nerd libsndfile 1.0.16

mega-nerd libsndfile 1.0.15

mega-nerd libsndfile 1.0.7

mega-nerd libsndfile 1.0.6

Vendor Advisories

Debian Bug report logs - #528650 libsndfile1: Potential heap overflow in all versions <= 1.0.19. Package: libsndfile1; Maintainer for libsndfile1 is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for libsndfile1 is src:libsndfile (PTS, buildd, popcon). Reported by: Erik de Castro Lopo <erikd@m ...
It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program ...
Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks, possibly leading to arbitrary code execution. For the oldstable distribution (etch) this problem has been fixed in version 1.0.16-2+etch1. F ...