Heap-Based Buffer Overflow in libsndfile Affecting Winamp and Other Media Programs
CVE-2009-1788

Currently unrated

Key Information:

Vendor: Nullsoft

CVE Published: 26 May 2009

What is CVE-2009-1788?

A heap-based buffer overflow exists in the voc_read_header function of the libsndfile library, versions 1.0.15 to 1.0.19, which is used by Winamp and potentially other media playback applications. Remote attackers can exploit the flaw through crafted VOC files containing invalid header values, causing application crashes (denial of service) and possibly arbitrary code execution.

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
