Heap-based Buffer Overflow in libsndfile Affects Winamp and Other Media Applications
CVE-2009-1791

Currently unrated

Key Information:

Vendor

Nullsoft

CVE Published:
26 May 2009

What is CVE-2009-1791?

A heap-based buffer overflow exists in the aiff_read_header function of the libsndfile library, versions 1.0.15 to 1.0.19. A remote attacker can trigger it with a crafted AIFF file that carries an invalid header, causing the application to crash or possibly to execute arbitrary code. Applications that rely on the library, such as Winamp, are exposed whenever they process a malicious audio file.

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
