CVE-2009-1791
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
Desbordamiento de búfer basado en montículo en aiff_read_header en libsndfile desde v1.0.15 hasta v1.0.19, como se utiliza en Winamp v5.552 y posiblemente otros programas multimedia, permite a atacantes remotos producir una denegación (caída de aplicación) y posiblemente la ejecución de código de modo arbitrario a través de un fichero AIFF con un valor de cabecera no valido.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-26 CVE Reserved
- 2009-05-26 CVE Published
- 2023-11-24 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/35247 | Third Party Advisory | |
| http://secunia.com/advisories/35443 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50541 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile | 2017-08-17 | |
| http://www.mega-nerd.com/libsndfile | 2017-08-17 | |
| http://www.securityfocus.com/bid/34978 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2009/1324 | 2017-08-17 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/35076 | 2017-08-17 | |
| http://security.gentoo.org/glsa/glsa-200905-09.xml | 2017-08-17 | |
| http://www.debian.org/security/2009/dsa-1814 | 2017-08-17 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:132 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.15 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.15" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.16 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.16" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.17 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.17" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.18 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.18" | - |
Affected
| ||||||
| Mega-nerd Search vendor "Mega-nerd" | Libsndfile Search vendor "Mega-nerd" for product "Libsndfile" | 1.0.19 Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.19" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.5 Search vendor "Nullsoft" for product "Winamp" and version "5.5" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.51 Search vendor "Nullsoft" for product "Winamp" and version "5.51" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.52 Search vendor "Nullsoft" for product "Winamp" and version "5.52" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.54 Search vendor "Nullsoft" for product "Winamp" and version "5.54" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.55 Search vendor "Nullsoft" for product "Winamp" and version "5.55" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.541 Search vendor "Nullsoft" for product "Winamp" and version "5.541" | - |
Affected
| ||||||
| Nullsoft Search vendor "Nullsoft" | Winamp Search vendor "Nullsoft" for product "Winamp" | 5.552 Search vendor "Nullsoft" for product "Winamp" and version "5.552" | - |
Affected
| ||||||