CVE-2009-0186

2009-03-0502:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-0186

libsndfile

winamp

nvd

integer overflow

buffer overflow

audio file

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.41 Medium

EPSS

Percentile

97.3%

JSON

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

CPENameOperatorVersion
nullsoft:winampnullsoft winampeq5.55
nullsoft:winampnullsoft winampeq5.541
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.0
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.3
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.13
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.15
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.6
mega-nerd:libsndfilemega-nerd libsndfileeq0.0.8
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.10
mega-nerd:libsndfilemega-nerd libsndfileeq0.0.28

CPE	Name	Operator	Version
nullsoft:winamp	nullsoft winamp	eq	5.55
nullsoft:winamp	nullsoft winamp	eq	5.541
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.0
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.3
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.13
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.15
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.6
mega-nerd:libsndfile	mega-nerd libsndfile	eq	0.0.8
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.10
mega-nerd:libsndfile	mega-nerd libsndfile	eq	0.0.28