CVE-2009-0186

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Nullsoft Winamp

First reported 15 years ago

2009-03-05 02:30:00

Last updated 6 years ago

2018-10-11 21:00:00

Affected Software

Nullsoft Winamp 5.55

5.55

Nullsoft Winamp 5.541

5.541

References

SUSE-SR:2009:008

33980

Vendor Advisory

33981

Vendor Advisory

34316

34526

34642

34791

http://secunia.com/secunia_research/2009-7/

Vendor Advisory

http://secunia.com/secunia_research/2009-8/

Vendor Advisory

GLSA-200904-16

DSA-1742

http://www.mega-nerd.com/libsndfile/NEWS

20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability

20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability

33963

1021784

USN-749-1

ADV-2009-0584

Vendor Advisory

ADV-2009-0585

Vendor Advisory

libsndfile-caf-bo(49038)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.