CVE-2009-1788

Published: May 26, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

Affected (12)

Products: Mega Nerd: Libsndfile · Nullsoft: Winamp

1 product

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Mega Nerd Libsndfile	Version 1.0.15
Mega Nerd Libsndfile	Version 1.0.16
Mega Nerd Libsndfile	Version 1.0.17
Mega Nerd Libsndfile	Version 1.0.18
Mega Nerd Libsndfile	Version 1.0.19
Nullsoft Winamp	Version 5.51
Nullsoft Winamp	Version 5.52
Nullsoft Winamp	Version 5.541
Nullsoft Winamp	Version 5.54
Nullsoft Winamp	Version 5.552
Nullsoft Winamp	Version 5.55
Nullsoft Winamp	Version 5.5

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (30)

http://secunia.com/advisories/35076

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35126

Source: cve@mitre.org

http://secunia.com/advisories/35247

Source: cve@mitre.org

http://secunia.com/advisories/35443

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200905-09.xml

Source: cve@mitre.org

http://trapkit.de/advisories/TKADV2009-006.txt

Source: cve@mitre.org

Exploit

http://www.debian.org/security/2009/dsa-1814

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:132

Source: cve@mitre.org

http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/

Source: cve@mitre.org

PatchVendor Advisory

http://www.mega-nerd.com/libsndfile/

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/34978

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2009/1324

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1348

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50541

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/50827

Source: cve@mitre.org

http://secunia.com/advisories/35076

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35126

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35247

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35443

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200905-09.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://trapkit.de/advisories/TKADV2009-006.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.debian.org/security/2009/dsa-1814

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:132

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mega-nerd.com/libsndfile/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/34978

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2009/1324

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1348

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50541

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/50827

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.