CVE-2009-1788
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
Desbordamiento de búfer basado en montículo en voc_read_header en libsndfile desde v1.0.15 hasta v1.0.19, cuando se utiliza en Winamp v5.552 y posiblemente otros programas multimedia, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) y posiblemente la ejecución arbitraria de código a través de un fichero VOC con una valor de cabecera no valido.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-26 CVE Reserved
- 2009-05-26 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/35126 | Third Party Advisory | |
| http://secunia.com/advisories/35247 | Third Party Advisory | |
| http://secunia.com/advisories/35443 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50541 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50827 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://trapkit.de/advisories/TKADV2009-006.txt | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile | 2017-08-17 | |
| http://www.mega-nerd.com/libsndfile | 2017-08-17 | |
| http://www.securityfocus.com/bid/34978 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2009/1324 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2009/1348 | 2017-08-17 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/35076 | 2017-08-17 | |
| http://security.gentoo.org/glsa/glsa-200905-09.xml | 2017-08-17 | |
| http://www.debian.org/security/2009/dsa-1814 | 2017-08-17 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:132 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.15 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.15" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.16 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.16" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.17 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.17" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.18 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.18" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.19 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.19" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.5 Search vendor "Nullsoft" for product "Winamp" and version "5.5" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.51 Search vendor "Nullsoft" for product "Winamp" and version "5.51" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.52 Search vendor "Nullsoft" for product "Winamp" and version "5.52" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.54 Search vendor "Nullsoft" for product "Winamp" and version "5.54" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.55 Search vendor "Nullsoft" for product "Winamp" and version "5.55" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.541 Search vendor "Nullsoft" for product "Winamp" and version "5.541" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.552 Search vendor "Nullsoft" for product "Winamp" and version "5.552" | - |
Affected
| ||||||