Lucene search

[email protected]NVD:CVE-2009-0186

HistoryMar 05, 2009 - 2:30 a.m.

CVE-2009-0186

2009-03-0502:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.41

Percentile

97.3%

JSON

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Affected configurations

Nvd

Node

nullsoftwinampMatch5.55

nullsoftwinampMatch5.541

Node

mega-nerdlibsndfileRange≤1.0.18

mega-nerdlibsndfileMatch0.0.8

mega-nerdlibsndfileMatch0.0.28

mega-nerdlibsndfileMatch1.0.0

mega-nerdlibsndfileMatch1.0.0rc1

mega-nerdlibsndfileMatch1.0.0rc6

mega-nerdlibsndfileMatch1.0.1

mega-nerdlibsndfileMatch1.0.2

mega-nerdlibsndfileMatch1.0.3

mega-nerdlibsndfileMatch1.0.4

mega-nerdlibsndfileMatch1.0.5

mega-nerdlibsndfileMatch1.0.6

mega-nerdlibsndfileMatch1.0.7

mega-nerdlibsndfileMatch1.0.8

mega-nerdlibsndfileMatch1.0.9

mega-nerdlibsndfileMatch1.0.10

mega-nerdlibsndfileMatch1.0.11

mega-nerdlibsndfileMatch1.0.12

mega-nerdlibsndfileMatch1.0.13

mega-nerdlibsndfileMatch1.0.14

mega-nerdlibsndfileMatch1.0.15

mega-nerdlibsndfileMatch1.0.16

mega-nerdlibsndfileMatch1.0.17

VendorProductVersionCPE
nullsoftwinamp5.55cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
nullsoftwinamp5.541cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
mega-nerdlibsndfile*cpe:2.3:a:mega-nerd:libsndfile:*:*:*:*:*:*:*:*
mega-nerdlibsndfile0.0.8cpe:2.3:a:mega-nerd:libsndfile:0.0.8:*:*:*:*:*:*:*
mega-nerdlibsndfile0.0.28cpe:2.3:a:mega-nerd:libsndfile:0.0.28:*:*:*:*:*:*:*
mega-nerdlibsndfile1.0.0cpe:2.3:a:mega-nerd:libsndfile:1.0.0:*:*:*:*:*:*:*
mega-nerdlibsndfile1.0.0cpe:2.3:a:mega-nerd:libsndfile:1.0.0:rc1:*:*:*:*:*:*
mega-nerdlibsndfile1.0.0cpe:2.3:a:mega-nerd:libsndfile:1.0.0:rc6:*:*:*:*:*:*
mega-nerdlibsndfile1.0.1cpe:2.3:a:mega-nerd:libsndfile:1.0.1:*:*:*:*:*:*:*
mega-nerdlibsndfile1.0.2cpe:2.3:a:mega-nerd:libsndfile:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	5.55	cpe:2.3:a:nullsoft:winamp:5.55:::::::*
nullsoft	winamp	5.541	cpe:2.3:a:nullsoft:winamp:5.541:::::::*
mega-nerd	libsndfile	*	cpe:2.3:a:mega-nerd:libsndfile::::::::
mega-nerd	libsndfile	0.0.8	cpe:2.3:a:mega-nerd:libsndfile:0.0.8:::::::*
mega-nerd	libsndfile	0.0.28	cpe:2.3:a:mega-nerd:libsndfile:0.0.28:::::::*
mega-nerd	libsndfile	1.0.0	cpe:2.3:a:mega-nerd:libsndfile:1.0.0:::::::*
mega-nerd	libsndfile	1.0.0	cpe:2.3:a:mega-nerd:libsndfile:1.0.0:rc1::::::
mega-nerd	libsndfile	1.0.0	cpe:2.3:a:mega-nerd:libsndfile:1.0.0:rc6::::::
mega-nerd	libsndfile	1.0.1	cpe:2.3:a:mega-nerd:libsndfile:1.0.1:::::::*
mega-nerd	libsndfile	1.0.2	cpe:2.3:a:mega-nerd:libsndfile:1.0.2:::::::*