CVE-2009-1788 - Vulnerability Details

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mega-nerd	Libsndfile
Nullsoft	Winamp

Configuration 1 [-]

OR	cpe:2.3:a:mega-nerd:libsndfile:1.0.15:::::::*
	cpe:2.3:a:mega-nerd:libsndfile:1.0.16:::::::*
	cpe:2.3:a:mega-nerd:libsndfile:1.0.17:::::::*
	cpe:2.3:a:mega-nerd:libsndfile:1.0.18:::::::*
	cpe:2.3:a:mega-nerd:libsndfile:1.0.19:::::::*
	cpe:2.3:a:nullsoft:winamp:5.5:::::::*
	cpe:2.3:a:nullsoft:winamp:5.51:::::::*
	cpe:2.3:a:nullsoft:winamp:5.52:::::::*
	cpe:2.3:a:nullsoft:winamp:5.54:::::::*
	cpe:2.3:a:nullsoft:winamp:5.55:::::::*
	cpe:2.3:a:nullsoft:winamp:5.541:::::::*
	cpe:2.3:a:nullsoft:winamp:5.552:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/35076
http://secunia.com/advisories/35126
http://secunia.com/advisories/35247
http://secunia.com/advisories/35443
http://security.gentoo.org/glsa/glsa-200905-09.xml
http://trapkit.de/advisories/TKADV2009-006.txt
http://www.debian.org/security/2009/dsa-1814
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/
http://www.mega-nerd.com/libsndfile/
http://www.securityfocus.com/bid/34978
http://www.vupen.com/english/advisories/2009/1324
http://www.vupen.com/english/advisories/2009/1348
https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
https://exchange.xforce.ibmcloud.com/vulnerabilities/50827
https://nvd.nist.gov/vuln/detail/CVE-2009-1788
https://www.cve.org/CVERecord?id=CVE-2009-1788

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-26T16:00:00

Updated: 2024-08-07T05:27:54.403Z

Reserved: 2009-05-26T00:00:00

Link: CVE-2009-1788

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-05-26T16:30:02.937

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1788

Redhat

Severity : Important

Publid Date: 2009-05-15T00:00:00Z

Links: CVE-2009-1788 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object