CVE-2009-0186

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
nullsoftwinamp
5.55
nullsoftwinamp
5.541
mega-nerdlibsndfile
𝑥
≤ 1.0.18
mega-nerdlibsndfile
0.0.8
mega-nerdlibsndfile
0.0.28
mega-nerdlibsndfile
1.0.0
mega-nerdlibsndfile
1.0.0:rc1
mega-nerdlibsndfile
1.0.0:rc6
mega-nerdlibsndfile
1.0.1
mega-nerdlibsndfile
1.0.2
mega-nerdlibsndfile
1.0.3
mega-nerdlibsndfile
1.0.4
mega-nerdlibsndfile
1.0.5
mega-nerdlibsndfile
1.0.6
mega-nerdlibsndfile
1.0.7
mega-nerdlibsndfile
1.0.8
mega-nerdlibsndfile
1.0.9
mega-nerdlibsndfile
1.0.10
mega-nerdlibsndfile
1.0.11
mega-nerdlibsndfile
1.0.12
mega-nerdlibsndfile
1.0.13
mega-nerdlibsndfile
1.0.14
mega-nerdlibsndfile
1.0.15
mega-nerdlibsndfile
1.0.16
mega-nerdlibsndfile
1.0.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsndfile
bullseye
1.0.31-2
fixed
bookworm
1.2.0-1
fixed
sid
1.2.2-1
fixed
trixie
1.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsndfile
intrepid
Fixed 1.0.17-4ubuntu0.8.10.1
released
hardy
Fixed 1.0.17-4ubuntu0.8.04.1
released
gutsy
Fixed 1.0.17-4ubuntu0.7.10.1
released
dapper
Fixed 1.0.12-3ubuntu1.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33980
http://secunia.com/advisories/33981
http://secunia.com/advisories/34316
http://secunia.com/advisories/34526
http://secunia.com/advisories/34642
http://secunia.com/advisories/34791
http://secunia.com/secunia_research/2009-7/
http://secunia.com/secunia_research/2009-8/
http://security.gentoo.org/glsa/glsa-200904-16.xml
http://www.debian.org/security/2009/dsa-1742
http://www.mega-nerd.com/libsndfile/NEWS
http://www.securityfocus.com/archive/1/501399/100/0/threaded
http://www.securityfocus.com/archive/1/501413/100/0/threaded
http://www.securityfocus.com/bid/33963
http://www.securitytracker.com/id?1021784
http://www.ubuntu.com/usn/USN-749-1
http://www.vupen.com/english/advisories/2009/0584
http://www.vupen.com/english/advisories/2009/0585
https://exchange.xforce.ibmcloud.com/vulnerabilities/49038
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33980
http://secunia.com/advisories/33981
http://secunia.com/advisories/34316
http://secunia.com/advisories/34526
http://secunia.com/advisories/34642
http://secunia.com/advisories/34791
http://secunia.com/secunia_research/2009-7/
http://secunia.com/secunia_research/2009-8/
http://security.gentoo.org/glsa/glsa-200904-16.xml
http://www.debian.org/security/2009/dsa-1742
http://www.mega-nerd.com/libsndfile/NEWS
http://www.securityfocus.com/archive/1/501399/100/0/threaded
http://www.securityfocus.com/archive/1/501413/100/0/threaded
http://www.securityfocus.com/bid/33963
http://www.securitytracker.com/id?1021784
http://www.ubuntu.com/usn/USN-749-1
http://www.vupen.com/english/advisories/2009/0584
http://www.vupen.com/english/advisories/2009/0585
https://exchange.xforce.ibmcloud.com/vulnerabilities/49038