CVE-2009-0186
Published 2009-03-05
Priority P340 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 3.64% (88.2th percentile)
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsndfile | < libsndfile 1.0.19-1 (bookworm) | libsndfile 1.0.19-1 (bookworm) |
| libsndfile_project | libsndfile | >= 0 < 1.0.19-1 | 1.0.19-1 |
| mega-nerd | libsndfile | <= 1.0.18 | — |
| mega-nerd | libsndfile | — | — |
CVSS provenance
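| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |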
Ubuntu
libsndfile vulnerability
vendor_ubuntu·2009-03-30
CVE-2009-0186 libsndfile vulnerability
It was discovered that libsndfile did not correctly handle description
chunks in CAF audio files. If a user or automated system were tricked into
opening a specially crafted CAF audio file, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
Instructions: After a standard system upgrade you need to restart your session to effect
the necessary changes.
Red Hat
libsndfile: overflows may lead to execution of arbitrary code
vendor_redhat·2009-03-03·CVSS 9.3
CVE-2009-0186 [CRITICAL] libsndfile: overflows may lead to execution of arbitrary code
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
Debian
CVE-2009-0186: libsndfile - Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, all...
vendor_debian·2009·CVSS 9.3
CVE-2009-0186 [CRITICAL] CVE-2009-0186: libsndfile - Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, all...
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.0.19-1)
bullseye: resolved (fixed in 1.0.19-1)
forky: resolved (fixed in 1.0.19-1)
sid: resolved (fixed in 1.0.19-1)
trixie: resolved (fixed in 1.0.19-1)
GHSA
GHSA-2rcp-rgq6-h5hc: Integer overflow in libsndfile 1
ghsa_unreviewed·2022-05-02
CVE-2009-0186 [HIGH] GHSA-2rcp-rgq6-h5hc: Integer overflow in libsndfile 1
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
OSV
CVE-2009-0186: Integer overflow in libsndfile 1
osv·2009-03-05·CVSS 9.3
CVE-2009-0186 [CRITICAL] CVE-2009-0186: Integer overflow in libsndfile 1
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-1788 libsndfile VOC file heap based buffer overflow
bugzilla·2009-05-26·CVSS 9.3
CVE-2009-1788 [CRITICAL] CVE-2009-1788 libsndfile VOC file heap based buffer overflow
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1788 to the following vulnerability:
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC file
with an invalid header value.
Discussion:
*** Bug 501053 has been marked as a duplicate of this bug. ***
---
Link to original Tobias Klein's advisory:
http://trapkit.de/advisories/TKADV2009-006.txt
Issue was fixed upstream in 1.0.20:
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html
Upstream also created patches for few recent versions
Bugzilla
CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [F10]
bugzilla·2009-03-03·CVSS 9.3
CVE-2009-0186 [CRITICAL] CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=488362,
---
libsndfile-1.0.20-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libsndfile-1.0.20-3.fc10
---
I made an update to fix the issue.
---
libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it wi
Bugzilla
CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [F9]
bugzilla·2009-03-03·CVSS 9.3
CVE-2009-0186 [CRITICAL] CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [F9]
F9 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%209&bugs=488363,
---
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '9'.
Package Maintainer: If
Bugzilla
CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [epel-5]
bugzilla·2009-03-03·CVSS 9.3
CVE-2009-0186 [CRITICAL] CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [epel-5]
epel-5 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Created attachment 430067
patch from upstream
---
(In reply to comment #1)
> Created an attachment (id=430067) [details]
> patch from upstream
Thanks; building now. Oddly, the libsndfile-1_0_17-3_el5 tag already exists in CVS, even though the spec file was still at -2 -- since CVS was still at -2 and there was no Koji build for -3, I've re-tagged my build as -3.
Michal, since you're already maintaining the EL-6 branch, I'll defer to you for EL-5 updates once you get co-maintainership.
---
libsndfile-1.0.17-3.el5 has been submitted as an update for Fedo
Bugzilla
CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code
bugzilla·2009-03-03·CVSS 9.3
CVE-2009-0186 [CRITICAL] CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code
Quoting Secunia's advisory:
Secunia Research has discovered a vulnerability in libsndfile, which
can be exploited by malicious people to compromise an application
using the library.
The vulnerability is caused due to an integer overflow error in the
processing of CAF description chunks. This can be exploited to cause
a heap-based buffer overflow by tricking the user into processing a
specially crafted CAF audio file.
Successful exploitation may allow execution of arbitrary code.
The original advisory can be found here:
http://secunia.com/secunia_research/2009-7/
Verification of the vulnerability was against 1.0.18; 1.0.19 corrects the problem
Discussion:
Created libsndfile tracking bugs for this issue
CVE
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33980
http://secunia.com/advisories/33981
http://secunia.com/advisories/34316
http://secunia.com/advisories/34526
http://secunia.com/advisories/34642
http://secunia.com/advisories/34791
http://secunia.com/secunia_research/2009-7/
http://secunia.com/secunia_research/2009-8/
http://security.gentoo.org/glsa/glsa-200904-16.xml
http://www.debian.org/security/2009/dsa-1742
http://www.mega-nerd.com/libsndfile/NEWS
http://www.securityfocus.com/archive/1/501399/100/0/threaded
http://www.securityfocus.com/archive/1/501413/100/0/threaded
http://www.securityfocus.com/bid/33963
http://www.securitytracker.com/id?1021784
http://www.ubuntu.com/usn/USN-749-1
http://www.vupen.com/english/advisories/2009/0584
http://www.vupen.com/english/advisories/2009/0585
https://exchange.xforce.ibmcloud.com/vulnerabilities/49038
Published: 2009-03-05