Vulnerability Details CVE-2009-1791
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.085
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/35076
- http://secunia.com/advisories/35247
- http://secunia.com/advisories/35443
- http://security.gentoo.org/glsa/glsa-200905-09.xml
- http://www.debian.org/security/2009/dsa-1814
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
- http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/
- http://www.mega-nerd.com/libsndfile/
- http://www.securityfocus.com/bid/34978
- http://www.vupen.com/english/advisories/2009/1324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
- http://secunia.com/advisories/35076
- http://secunia.com/advisories/35247
- http://secunia.com/advisories/35443
- http://security.gentoo.org/glsa/glsa-200905-09.xml
- http://www.debian.org/security/2009/dsa-1814
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
- http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/
- http://www.mega-nerd.com/libsndfile/
- http://www.securityfocus.com/bid/34978
- http://www.vupen.com/english/advisories/2009/1324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
Products affected by CVE-2009-1791
-
cpe:2.3:a:mega-nerd:libsndfile:1.0.15
-
cpe:2.3:a:mega-nerd:libsndfile:1.0.16
-
cpe:2.3:a:mega-nerd:libsndfile:1.0.17
-
cpe:2.3:a:mega-nerd:libsndfile:1.0.18
-
cpe:2.3:a:mega-nerd:libsndfile:1.0.19
-
cpe:2.3:a:nullsoft:winamp:5.5
-
cpe:2.3:a:nullsoft:winamp:5.51
-
cpe:2.3:a:nullsoft:winamp:5.52
-
cpe:2.3:a:nullsoft:winamp:5.54
-
cpe:2.3:a:nullsoft:winamp:5.541
-
cpe:2.3:a:nullsoft:winamp:5.55
-
cpe:2.3:a:nullsoft:winamp:5.552