CVE Vulnerabilities

CVE-2009-0186

Published: Mar 05, 2009 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Winamp Nullsoft 5.55 (including) 5.55 (including)
Winamp Nullsoft 5.541 (including) 5.541 (including)
Libsndfile Ubuntu dapper *
Libsndfile Ubuntu devel *
Libsndfile Ubuntu gutsy *
Libsndfile Ubuntu hardy *
Libsndfile Ubuntu intrepid *
Libsndfile Ubuntu upstream *

References