Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0186
Last Modified 27 Apr 2010 01:48:33
Published 04 Mar 2009 09:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0186

Summary

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Mega-nerd Libsndfile 0.0.28

  • Mega-nerd Libsndfile 0.0.8

  • Mega-nerd Libsndfile 1.0.0

  • Mega-nerd Libsndfile 1.0.1

  • Mega-nerd Libsndfile 1.0.10

  • Mega-nerd Libsndfile 1.0.11

  • Mega-nerd Libsndfile 1.0.12

  • Mega-nerd Libsndfile 1.0.13

  • Mega-nerd Libsndfile 1.0.14

  • Mega-nerd Libsndfile 1.0.15

  • Mega-nerd Libsndfile 1.0.16

  • Mega-nerd Libsndfile 1.0.17

  • Mega-nerd Libsndfile 1.0.18

  • Mega-nerd Libsndfile 1.0.2

  • Mega-nerd Libsndfile 1.0.3

  • Mega-nerd Libsndfile 1.0.4

  • Mega-nerd Libsndfile 1.0.5

  • Mega-nerd Libsndfile 1.0.6

  • Mega-nerd Libsndfile 1.0.7

  • Mega-nerd Libsndfile 1.0.8

  • Mega-nerd Libsndfile 1.0.9

  • Nullsoft Winamp 5.541

  • Nullsoft Winamp 5.55


References

XF - libsndfile-caf-bo(49038)

VUPEN - ADV-2009-0585

VUPEN - ADV-2009-0584

UBUNTU - USN-749-1

SECTRACK - 1021784

BID - 33963

BUGTRAQ - 20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability

BUGTRAQ - 20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability

CONFIRM - http://www.mega-nerd.com/libsndfile/NEWS

DEBIAN - DSA-1742

GENTOO - GLSA-200904-16

MISC - http://secunia.com/secunia_research/2009-8/

MISC - http://secunia.com/secunia_research/2009-7/

SECUNIA - 34791

SECUNIA - 34642

SECUNIA - 34526

SECUNIA - 34316

SECUNIA - 33981

SECUNIA - 33980

SUSE - SUSE-SR:2009:008

Related Patches

Novell SUSE 2009:6040 libsndfile security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:08