CVE-2009-1791
Severity CVSS v4.0: Pending analysis
Type: CWE-119 (Buffer Errors)
Publication date: 26/05/2009
Last modified: 09/04/2025
Description
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
Impact
Base Score 2.0: 9.30
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mega-nerd:libsndfile:1.0.15:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mega-nerd:libsndfile:1.0.16:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mega-nerd:libsndfile:1.0.17:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mega-nerd:libsndfile:1.0.18:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mega-nerd:libsndfile:1.0.19:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/35076
- http://secunia.com/advisories/35247
- http://secunia.com/advisories/35443
- http://security.gentoo.org/glsa/glsa-200905-09.xml
- http://www.debian.org/security/2009/dsa-1814
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A132
- http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/
- http://www.mega-nerd.com/libsndfile/
- http://www.securityfocus.com/bid/34978
- http://www.vupen.com/english/advisories/2009/1324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50541