Source: Ubuntu.com (ubuntucve), UB:CVE-2009-0136
History: Jan 16, 2009 - 12:00 a.m.

CVE-2009-0136

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.118
Percentile: 95.3%

Multiple array index errors in the Audible::Tag::readTag function in
metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote
attackers to cause a denial of service (application crash) or execute
arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or
(2) vlen Tag value, each of which can lead to an invalid pointer
dereference, or the writing of a 0x00 byte to an arbitrary memory location,
after an allocation failure.

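| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 7.10 | noarch | amarok | < 2:1.4.7-0ubuntu3.2 | UNKNOWN |
| ubuntu | 8.04 | noarch | amarok | < 2:1.4.9.1-0ubuntu3.2 | UNKNOWN |
| ubuntu | 8.10 | noarch | amarok | < 2:1.4.10-0ubuntu3.1 | UNKNOWN |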
