what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2009-0186

Status Candidate

Overview

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 200904-16
Posted Apr 18, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-16 - A buffer overflow vulnerability in libsndfile might allow remote attackers to execute arbitrary code. Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow. Versions less than 1.0.19 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-0186
SHA-256 | 3dc433cdfde65f004408d14c8170f98bed06e1fc84969102a136d58c79217126
Ubuntu Security Notice 749-1
Posted Mar 31, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-749-1 - It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0186
SHA-256 | 044d8cd4689b433bcb2bda5fe39b7eea86415e2189918f2d823ccd627677a476
Debian Linux Security Advisory 1742-1
Posted Mar 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1742-1 - Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2009-0186
SHA-256 | a37ce76a07759aa2c00c1ba6f442f62a8e9d2ce0729a65e12e9c1b573afa3af3
Mandriva Linux Security Advisory 2009-067
Posted Mar 6, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-067 - Crafted data - channels per frame value - in CAF files enables remote attackers to execute arbitrary code or denial of service via a possible integer overflow, leading to a possible heap overflow. This update provides fix for that vulnerability.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0186
SHA-256 | 8031a5bfe8aa30d42e54cb560c9c38202cb94aac13227fedd63fe7f980655436
Secunia - Winamp Integer Overflow
Posted Mar 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in the libsndfile.dll library while processing CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking a user into processing a specially crafted CAF audio file. Successful exploitation may allow execution of arbitrary code. Versions 5.541 and 5.55 of Winamp are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0186
SHA-256 | e97f2fe73e532a5dec458183af5d69b27e62e2a71a4a255ef386e4dca35a6f89
Secunia - libsndfile Integer Overflow
Posted Mar 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file. Successful exploitation may allow execution of arbitrary code. Version 1.0.18 of libsndfile is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0186
SHA-256 | b5eb317c23578aec59191a12b52b4f678a3da0e4fb73652dfa8b4375cf3a713a
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close