Buffer Overflow Vulnerability in gAlan Audio Processing Software by gAlan
CVE-2009-20004

8.4HIGH

Key Information:

Vendor: Galan
Status: Galan
Vendor: CVE Published:; 21 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-20004?

gAlan 0.2.1, a modular audio processing environment for Windows, is susceptible to a stack-based buffer overflow due to improper validation of input lengths when parsing .galan files. This vulnerability allows attackers to craft malicious files that could overwrite the stack, potentially enabling the execution of arbitrary code. Exploitation necessitates local interaction, usually compelling a user to open a crafted .galan file.

Affected Version(s)

gAlan * <= 0.2.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-20004 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...

exploit

https://www.exploit-db.com/exploits/16664

exploit

https://www.exploit-db.com/exploits/10345

exploit

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

🟡
Public PoC available
Aug 21, 2025
👾
Exploit known to exist
Aug 21, 2025
Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Aug 21, 2025

Credit

Jeremy Brown

JSON

Galan

Badges

What is CVE-2009-20004?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V4

Timeline

Credit