what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2009-0186

Status Candidate

Overview

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 200904-16
Posted Apr 18, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-16 - A buffer overflow vulnerability in libsndfile might allow remote attackers to execute arbitrary code. Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow. Versions less than 1.0.19 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-0186
SHA-256 | 3dc433cdfde65f004408d14c8170f98bed06e1fc84969102a136d58c79217126
Ubuntu Security Notice 749-1
Posted Mar 31, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-749-1 - It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0186
SHA-256 | 044d8cd4689b433bcb2bda5fe39b7eea86415e2189918f2d823ccd627677a476
Debian Linux Security Advisory 1742-1
Posted Mar 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1742-1 - Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2009-0186
SHA-256 | a37ce76a07759aa2c00c1ba6f442f62a8e9d2ce0729a65e12e9c1b573afa3af3
Mandriva Linux Security Advisory 2009-067
Posted Mar 6, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-067 - Crafted data - channels per frame value - in CAF files enables remote attackers to execute arbitrary code or denial of service via a possible integer overflow, leading to a possible heap overflow. This update provides fix for that vulnerability.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0186
SHA-256 | 8031a5bfe8aa30d42e54cb560c9c38202cb94aac13227fedd63fe7f980655436
Secunia - Winamp Integer Overflow
Posted Mar 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in the libsndfile.dll library while processing CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking a user into processing a specially crafted CAF audio file. Successful exploitation may allow execution of arbitrary code. Versions 5.541 and 5.55 of Winamp are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0186
SHA-256 | e97f2fe73e532a5dec458183af5d69b27e62e2a71a4a255ef386e4dca35a6f89
Secunia - libsndfile Integer Overflow
Posted Mar 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file. Successful exploitation may allow execution of arbitrary code. Version 1.0.18 of libsndfile is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0186
SHA-256 | b5eb317c23578aec59191a12b52b4f678a3da0e4fb73652dfa8b4375cf3a713a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close