CVE-2009-0136

2009-01-1600:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.118 Low

EPSS

Percentile

95.3%

JSON

Multiple array index errors in the Audible::Tag::readTag function in
metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote
attackers to cause a denial of service (application crash) or execute
arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or
(2) vlen Tag value, each of which can lead to an invalid pointer
dereference, or the writing of a 0x00 byte to an arbitrary memory location,
after an allocation failure.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchamarok< 2:1.4.7-0ubuntu3.2UNKNOWN
ubuntu8.04noarchamarok< 2:1.4.9.1-0ubuntu3.2UNKNOWN
ubuntu8.10noarchamarok< 2:1.4.10-0ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	amarok	< 2:1.4.7-0ubuntu3.2	UNKNOWN
ubuntu	8.04	noarch	amarok	< 2:1.4.9.1-0ubuntu3.2	UNKNOWN
ubuntu	8.10	noarch	amarok	< 2:1.4.10-0ubuntu3.1	UNKNOWN