Integer Overflow Issue in libsndfile Affecting Winamp and Other Applications
CVE-2009-0186

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Winamp
Vendor: CVE Published:; 5 March 2009

What is CVE-2009-0186?

An integer overflow issue exists in libsndfile 1.0.18, as utilized by Winamp and various other applications, permitting attackers to execute arbitrary code. The vulnerability arises from the processing of crafted description chunks within CAF audio files, which may lead to a heap-based buffer overflow, causing unpredictable behavior and potential system compromise.

References

http://www.vupen.com/english/advisories/2009/0585

vdb-entryx_refsource_VUPEN

http://security.gentoo.org/glsa/glsa-200904-16.xml

vendor-advisoryx_refsource_GENTOO

http://www.debian.org/security/2009/dsa-1742

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2009
Vulnerability Reserved
Jan 20, 2009

Nullsoft

What is CVE-2009-0186?

References

Timeline