History: Jan 16, 2009 - 6:30 p.m.

CVE-2009-0136

2009-01-16 18:30:00
Debian Security Bug Tracker
security-tracker.debian.org

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.118
Percentile: 95.3%

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.
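
The defect class described above, a file-supplied length used to allocate and index a buffer without checking the length or the allocation result, is avoided by the checks in the following added example. It is not Amarok's code: the record layout (two big-endian 32-bit lengths followed by the name and value bytes), the `TAG_FIELD_MAX` cap and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TAG_FIELD_MAX 4096u /* assumed cap, not a value from the .aa format */

enum tag_status { TAG_OK = 0, TAG_TRUNCATED, TAG_TOO_LARGE, TAG_NOMEM };

/* Read a big-endian 32-bit length without alignment assumptions. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Copy len bytes into a fresh NUL-terminated string; NULL on failure.
 * The terminator is written only after the allocation is known good. */
static char *dup_field(const unsigned char *src, uint32_t len)
{
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, src, len);
    s[len] = '\0';
    return s;
}

/* Parse one tag from buf[0..avail). Outputs are NULL unless TAG_OK. */
enum tag_status read_tag(const unsigned char *buf, size_t avail,
                         char **name, char **value)
{
    *name = *value = NULL;
    if (avail < 8)
        return TAG_TRUNCATED;
    uint32_t nlen = be32(buf), vlen = be32(buf + 4);
    if (nlen > TAG_FIELD_MAX || vlen > TAG_FIELD_MAX)
        return TAG_TOO_LARGE;           /* reject before allocating */
    if ((size_t)nlen + vlen > avail - 8)
        return TAG_TRUNCATED;           /* lengths exceed the data present */
    *name = dup_field(buf + 8, nlen);
    if (*name == NULL)
        return TAG_NOMEM;
    *value = dup_field(buf + 8 + nlen, vlen);
    if (*value == NULL) {
        free(*name);
        *name = NULL;
        return TAG_NOMEM;
    }
    return TAG_OK;
}
```
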

OS      Version  Architecture  Package  Version     Filename
Debian  999      all           amarok   < 1.4.10-2  amarok_1.4.10-2_all.deb
Debian  13       all           amarok   < 1.4.10-2  amarok_1.4.10-2_all.deb
