CVE-2009-0136 | Vulnerability Database | Aqua Security

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.

Affected Software

Name	Vendor	Start Version	End Version
Amarok	Amarok	1.4.10 (including)	1.4.10 (including)
Amarok	Amarok	2.0 (including)	2.0 (including)
Amarok	Amarok	2.0.1 (including)	2.0.1 (including)
Amarok	Ubuntu	gutsy	*
Amarok	Ubuntu	hardy	*
Amarok	Ubuntu	intrepid	*
Amarok	Ubuntu	upstream	*

References

http://amarok.kde.org/en/releases/2.0.1.1
http://bugs.gentoo.org/show_bug.cgi?id=254896
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://openwall.com/lists/oss-security/2009/01/14/2
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407
http://security.gentoo.org/glsa/glsa-200903-34.xml
http://securityreason.com/securityalert/4915
http://trapkit.de/advisories/TKADV2009-002.txt
http://websvn.kde.org/?view=rev\u0026revision=908391
http://websvn.kde.org/?view=rev\u0026revision=908401
http://websvn.kde.org/?view=rev\u0026revision=908415
http://www.debian.org/security/2009/dsa-1706
http://www.mandriva.com/security/advisories?name=MDVSA-2009:030
http://www.securityfocus.com/archive/1/499984/100/0/threaded
http://www.securityfocus.com/bid/33210
http://www.securitytracker.com/id?1021558
http://www.ubuntu.com/usn/USN-739-1
http://www.vupen.com/english/advisories/2009/0100
https://bugzilla.redhat.com/show_bug.cgi?id=479560
https://bugzilla.redhat.com/show_bug.cgi?id=479946
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html
http://amarok.kde.org/en/releases/2.0.1.1
http://bugs.gentoo.org/show_bug.cgi?id=254896
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://openwall.com/lists/oss-security/2009/01/14/2
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407
http://security.gentoo.org/glsa/glsa-200903-34.xml
http://securityreason.com/securityalert/4915
http://trapkit.de/advisories/TKADV2009-002.txt
http://websvn.kde.org/?view=rev\u0026revision=908391
http://websvn.kde.org/?view=rev\u0026revision=908401
http://websvn.kde.org/?view=rev\u0026revision=908415
http://www.debian.org/security/2009/dsa-1706
http://www.mandriva.com/security/advisories?name=MDVSA-2009:030
http://www.securityfocus.com/archive/1/499984/100/0/threaded
http://www.securityfocus.com/bid/33210
http://www.securitytracker.com/id?1021558
http://www.ubuntu.com/usn/USN-739-1
http://www.vupen.com/english/advisories/2009/0100
https://bugzilla.redhat.com/show_bug.cgi?id=479560
https://bugzilla.redhat.com/show_bug.cgi?id=479946
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0136
CWE	https://cwe.mitre.org/data/definitions/189.html