CVE-2009-0186 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsndfile

CWE-18911 documents7 sources

Severity

9.3CRITICALNVD

EPSS

4.2%

top 11.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Debian Libsndfile Mega-nerd Libsndfile +1 more

Timeline

PublishedMar 5

Latest updateMay 2

Description

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/libsndfile< libsndfile 1.0.19-1 (bookworm)

▶Debianlibsndfile_project/libsndfile< 1.0.19-1+3

▶NVDmega-nerd/libsndfile1.0.18+20

▶NVDnullsoft/winamp5.541, 5.55+1

🔴Vulnerability Details

GHSA

GHSA-2rcp-rgq6-h5hc: Integer overflow in libsndfile 1↗2022-05-02

▶

OSV

CVE-2009-0186: Integer overflow in libsndfile 1↗2009-03-05

▶

📋Vendor Advisories

Ubuntu

libsndfile vulnerability↗2009-03-30

▶

Red Hat

libsndfile: overflows may lead to execution of arbitrary code↗2009-03-03

▶

Debian

CVE-2009-0186: libsndfile - Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, all...↗2009

▶

💬Community

Bugzilla

CVE-2009-1788 libsndfile VOC file heap based buffer overflow↗2009-05-26

▶

Bugzilla

CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [F10]↗2009-03-03

▶

Bugzilla

CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [F9]↗2009-03-03

▶

Bugzilla

CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code [epel-5]↗2009-03-03

▶

Bugzilla

CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code↗2009-03-03

▶