Vulnerability Description
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mega-Nerd | Libsndfile | 1.0.15 |
| Nullsoft | Winamp | 5.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35076 (Vendor Advisory)
- http://secunia.com/advisories/35126
- http://secunia.com/advisories/35247
- http://secunia.com/advisories/35443
- http://security.gentoo.org/glsa/glsa-200905-09.xml
- http://trapkit.de/advisories/TKADV2009-006.txt (Exploit)
- http://www.debian.org/security/2009/dsa-1814
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
- http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/ (Patch, Vendor Advisory)
- http://www.mega-nerd.com/libsndfile/ (Patch)
- http://www.securityfocus.com/bid/34978 (Patch)
- http://www.vupen.com/english/advisories/2009/1324 (Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/1348 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50827
FAQ
What is CVE-2009-1788?
CVE-2009-1788 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (appl...
How severe is CVE-2009-1788?
CVE-2009-1788 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1788?
Check the references section above for vendor advisories and patch information. Affected products include: Mega-Nerd Libsndfile, Nullsoft Winamp.