CVE-2009-0186

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
nullsoftwinamp
5.55
nullsoftwinamp
5.541
mega-nerdlibsndfile
𝑥
≤ 1.0.18
mega-nerdlibsndfile
0.0.8
mega-nerdlibsndfile
0.0.28
mega-nerdlibsndfile
1.0.0
mega-nerdlibsndfile
1.0.0:rc1
mega-nerdlibsndfile
1.0.0:rc6
mega-nerdlibsndfile
1.0.1
mega-nerdlibsndfile
1.0.2
mega-nerdlibsndfile
1.0.3
mega-nerdlibsndfile
1.0.4
mega-nerdlibsndfile
1.0.5
mega-nerdlibsndfile
1.0.6
mega-nerdlibsndfile
1.0.7
mega-nerdlibsndfile
1.0.8
mega-nerdlibsndfile
1.0.9
mega-nerdlibsndfile
1.0.10
mega-nerdlibsndfile
1.0.11
mega-nerdlibsndfile
1.0.12
mega-nerdlibsndfile
1.0.13
mega-nerdlibsndfile
1.0.14
mega-nerdlibsndfile
1.0.15
mega-nerdlibsndfile
1.0.16
mega-nerdlibsndfile
1.0.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsndfile
bullseye
1.0.31-2
fixed
bookworm
1.2.0-1
fixed
sid
1.2.2-1
fixed
trixie
1.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsndfile
intrepid
Fixed 1.0.17-4ubuntu0.8.10.1
released
hardy
Fixed 1.0.17-4ubuntu0.8.04.1
released
gutsy
Fixed 1.0.17-4ubuntu0.7.10.1
released
dapper
Fixed 1.0.12-3ubuntu1.1
released
Common Weakness Enumeration
References