Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2009-0490 — Out-of-bounds Write in Audacity
Severity
9.3CRITICALNVD
EPSS
58.1%
top 1.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedFeb 10
Latest updateMay 2
Description
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-8f8x-6454-8222: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse↗2022-05-02
OSV▶
CVE-2009-0490: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse↗2009-02-10
CVEList▶
CVE-2009-0490: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse↗2009-02-10