CVE-2009-1791

2009-05-2617:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2009

1791

buffer overflow

libsndfile

winamp

denial of service

remote attack

aiff file

nvd

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

CPENameOperatorVersion
nullsoft:winampnullsoft winampeq5.552
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.18
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.19
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.15
nullsoft:winampnullsoft winampeq5.54
nullsoft:winampnullsoft winampeq5.5
mega-nerd:libsndfilemega-nerd libsndfileeq1.0.17
nullsoft:winampnullsoft winampeq5.55
nullsoft:winampnullsoft winampeq5.51
nullsoft:winampnullsoft winampeq5.541

CPE	Name	Operator	Version
nullsoft:winamp	nullsoft winamp	eq	5.552
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.18
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.19
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.15
nullsoft:winamp	nullsoft winamp	eq	5.54
nullsoft:winamp	nullsoft winamp	eq	5.5
mega-nerd:libsndfile	mega-nerd libsndfile	eq	1.0.17
nullsoft:winamp	nullsoft winamp	eq	5.55
nullsoft:winamp	nullsoft winamp	eq	5.51
nullsoft:winamp	nullsoft winamp	eq	5.541