CVE-2009-0186

Published: Mar 5, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Affected (25)

Products: Nullsoft: Winamp · Mega Nerd: Libsndfile

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Nullsoft Winamp	Version 5.541
Nullsoft Winamp	Version 5.55

Configuration B

23 vulnerable

Vulnerable Software	Affected Versions
Mega Nerd Libsndfile	Up to 1.0.18
Mega Nerd Libsndfile	Version 0.0.28
Mega Nerd Libsndfile	Version 0.0.8
Mega Nerd Libsndfile	Version 1.0.0
Mega Nerd Libsndfile	Version 1.0.0 rc1
Mega Nerd Libsndfile	Version 1.0.0 rc6
Mega Nerd Libsndfile	Version 1.0.10
Mega Nerd Libsndfile	Version 1.0.11
Mega Nerd Libsndfile	Version 1.0.12
Mega Nerd Libsndfile	Version 1.0.13
Mega Nerd Libsndfile	Version 1.0.14
Mega Nerd Libsndfile	Version 1.0.15
Mega Nerd Libsndfile	Version 1.0.16
Mega Nerd Libsndfile	Version 1.0.17
Mega Nerd Libsndfile	Version 1.0.1
Mega Nerd Libsndfile	Version 1.0.2
Mega Nerd Libsndfile	Version 1.0.3
Mega Nerd Libsndfile	Version 1.0.4
Mega Nerd Libsndfile	Version 1.0.5
Mega Nerd Libsndfile	Version 1.0.6
Mega Nerd Libsndfile	Version 1.0.7
Mega Nerd Libsndfile	Version 1.0.8
Mega Nerd Libsndfile	Version 1.0.9

Related CWEs

References (40)

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/33980

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/33981

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/34316

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/34526

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/34642

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/34791

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/secunia_research/2009-7/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/secunia_research/2009-8/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200904-16.xml

Source: PSIRT-CNA@flexerasoftware.com

http://www.debian.org/security/2009/dsa-1742

Source: PSIRT-CNA@flexerasoftware.com

http://www.mega-nerd.com/libsndfile/NEWS

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/501399/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/501413/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/33963

Source: PSIRT-CNA@flexerasoftware.com

http://www.securitytracker.com/id?1021784

Source: PSIRT-CNA@flexerasoftware.com

http://www.ubuntu.com/usn/USN-749-1

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2009/0584

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0585

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49038

Source: PSIRT-CNA@flexerasoftware.com

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33980

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/33981

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34316

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34526

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34642

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34791

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/secunia_research/2009-7/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/secunia_research/2009-8/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200904-16.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1742

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mega-nerd.com/libsndfile/NEWS

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/501399/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/501413/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33963

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021784

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-749-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0584

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0585

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49038

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.