// For flags

CVE-2009-1791

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

Desbordamiento de búfer basado en montículo en aiff_read_header en libsndfile desde v1.0.15 hasta v1.0.19, como se utiliza en Winamp v5.552 y posiblemente otros programas multimedia, permite a atacantes remotos producir una denegación (caída de aplicación) y posiblemente la ejecución de código de modo arbitrario a través de un fichero AIFF con un valor de cabecera no valido.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-05-26 CVE Reserved
  • 2009-05-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mega-nerd
Search vendor "Mega-nerd"
 Libsndfile
Search vendor "Mega-nerd" for product "Libsndfile"
 1.0.15
Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.15"
-
Affected
Mega-nerd
Search vendor "Mega-nerd"
 Libsndfile
Search vendor "Mega-nerd" for product "Libsndfile"
 1.0.16
Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.16"
-
Affected
Mega-nerd
Search vendor "Mega-nerd"
 Libsndfile
Search vendor "Mega-nerd" for product "Libsndfile"
 1.0.17
Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.17"
-
Affected
Mega-nerd
Search vendor "Mega-nerd"
 Libsndfile
Search vendor "Mega-nerd" for product "Libsndfile"
 1.0.18
Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.18"
-
Affected
Mega-nerd
Search vendor "Mega-nerd"
 Libsndfile
Search vendor "Mega-nerd" for product "Libsndfile"
 1.0.19
Search vendor "Mega-nerd" for product "Libsndfile" and version "1.0.19"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.5
Search vendor "Nullsoft" for product "Winamp" and version "5.5"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.51
Search vendor "Nullsoft" for product "Winamp" and version "5.51"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.52
Search vendor "Nullsoft" for product "Winamp" and version "5.52"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.54
Search vendor "Nullsoft" for product "Winamp" and version "5.54"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.55
Search vendor "Nullsoft" for product "Winamp" and version "5.55"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.541
Search vendor "Nullsoft" for product "Winamp" and version "5.541"
-
Affected
Nullsoft
Search vendor "Nullsoft"
 Winamp
Search vendor "Nullsoft" for product "Winamp"
 5.552
Search vendor "Nullsoft" for product "Winamp" and version "5.552"
-
Affected