certfr_avis - CERTA-2009-AVI-203

CERTA-2009-AVI-203

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de la bibliothèque libsndfile permettent à un utilisateur malveillant d'exécuter à distance du code arbitraire sur le système vulnérable.

Description

Plusieurs vulnérabilités de la bibliothèque libsndfile ont été publiées :

la fonction header_read() ne vérifie pas correctement la donnée entrée pour un calcul de taille de tampon en mémoire. Ce défaut peut être utilisé pour provoquer un débordement de zone mémoire ;
la fonction aiff_read_header() ne vérifie pas correctement une borne. Ce défaut peut être utilisé pour provoquer un débordement de zone mémoire ;

Un utilisateur malveillant peut exploiter ces vulnérabilités en incitant un utilisateur à ouvrir un fichier AIFF ou VOC spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Bibliothèque libsndfile version 1.0.19 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA-200905-09 du 27 mai 2009 :

other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBiblioth\u00e8que libsndfile version 1.0.19  et versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que libsndfile ont \u00e9t\u00e9 publi\u00e9es\n:\n\n-   la fonction header_read() ne v\u00e9rifie pas correctement la donn\u00e9e\n    entr\u00e9e pour un calcul de taille de tampon en m\u00e9moire. Ce d\u00e9faut peut\n    \u00eatre utilis\u00e9 pour provoquer un d\u00e9bordement de zone m\u00e9moire ;\n-   la fonction aiff_read_header() ne v\u00e9rifie pas correctement une\n    borne. Ce d\u00e9faut peut \u00eatre utilis\u00e9 pour provoquer un d\u00e9bordement de\n    zone m\u00e9moire ;\n\nUn utilisateur malveillant peut exploiter ces vuln\u00e9rabilit\u00e9s en incitant\nun utilisateur \u00e0 ouvrir un fichier AIFF ou VOC sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1791"
    },
    {
      "name": "CVE-2009-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1788"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200905-09 du 27 mai 2009 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-09.xml"
    }
  ],
  "reference": "CERTA-2009-AVI-203",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que libsndfile permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter \u00e0 distance du code arbitraire sur le\nsyst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de libsndfile",
  "vendor_advisories": []
}

CVE-2009-1791 (GCVE-0-2009-1791)

Vulnerability from cvelistv5 – Published: 2009-05-26 17:00 – Updated: 2024-08-07 05:27

Summary

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mega-nerd.com/libsndfile/	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1324	vdb-entryx_refsource_VUPEN
	http://www.mega-nerd.com/erikd/Blog/CodeHacking/l…	x_refsource_CONFIRM
	http://secunia.com/advisories/35247	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1814	vendor-advisoryx_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/35076	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200905-09.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/34978	vdb-entryx_refsource_BID
	http://secunia.com/advisories/35443	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/libsndfile/"
          },
          {
            "name": "ADV-2009-1324",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
          },
          {
            "name": "35247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35247"
          },
          {
            "name": "DSA-1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1814"
          },
          {
            "name": "libsndfile-aiff-voc-bo(50541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
          },
          {
            "name": "35076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35076"
          },
          {
            "name": "GLSA-200905-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
          },
          {
            "name": "34978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34978"
          },
          {
            "name": "35443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35443"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2009:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/libsndfile/"
        },
        {
          "name": "ADV-2009-1324",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
        },
        {
          "name": "35247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35247"
        },
        {
          "name": "DSA-1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1814"
        },
        {
          "name": "libsndfile-aiff-voc-bo(50541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
        },
        {
          "name": "35076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35076"
        },
        {
          "name": "GLSA-200905-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
        },
        {
          "name": "34978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34978"
        },
        {
          "name": "35443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35443"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2009:132",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
            },
            {
              "name": "http://www.mega-nerd.com/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/libsndfile/"
            },
            {
              "name": "ADV-2009-1324",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1324"
            },
            {
              "name": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
            },
            {
              "name": "35247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35247"
            },
            {
              "name": "DSA-1814",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1814"
            },
            {
              "name": "libsndfile-aiff-voc-bo(50541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
            },
            {
              "name": "35076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35076"
            },
            {
              "name": "GLSA-200905-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
            },
            {
              "name": "34978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34978"
            },
            {
              "name": "35443",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35443"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1791",
    "datePublished": "2009-05-26T17:00:00",
    "dateReserved": "2009-05-26T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1788 (GCVE-0-2009-1788)

Vulnerability from cvelistv5 – Published: 2009-05-26 16:00 – Updated: 2024-08-07 05:27

Summary

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://trapkit.de/advisories/TKADV2009-006.txt	x_refsource_MISC
	http://www.vupen.com/english/advisories/2009/1348	vdb-entryx_refsource_VUPEN
	http://www.mega-nerd.com/libsndfile/	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1324	vdb-entryx_refsource_VUPEN
	http://www.mega-nerd.com/erikd/Blog/CodeHacking/l…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/35247	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1814	vendor-advisoryx_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/35076	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200905-09.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/35126	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/34978	vdb-entryx_refsource_BID
	http://secunia.com/advisories/35443	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
          },
          {
            "name": "ADV-2009-1348",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/libsndfile/"
          },
          {
            "name": "ADV-2009-1324",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
          },
          {
            "name": "libsndfile-voc-bo(50827)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
          },
          {
            "name": "35247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35247"
          },
          {
            "name": "DSA-1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1814"
          },
          {
            "name": "libsndfile-aiff-voc-bo(50541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
          },
          {
            "name": "35076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35076"
          },
          {
            "name": "GLSA-200905-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
          },
          {
            "name": "35126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35126"
          },
          {
            "name": "34978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34978"
          },
          {
            "name": "35443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35443"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2009:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
        },
        {
          "name": "ADV-2009-1348",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/libsndfile/"
        },
        {
          "name": "ADV-2009-1324",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
        },
        {
          "name": "libsndfile-voc-bo(50827)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
        },
        {
          "name": "35247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35247"
        },
        {
          "name": "DSA-1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1814"
        },
        {
          "name": "libsndfile-aiff-voc-bo(50541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
        },
        {
          "name": "35076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35076"
        },
        {
          "name": "GLSA-200905-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
        },
        {
          "name": "35126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35126"
        },
        {
          "name": "34978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34978"
        },
        {
          "name": "35443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35443"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2009:132",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
            },
            {
              "name": "http://trapkit.de/advisories/TKADV2009-006.txt",
              "refsource": "MISC",
              "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
            },
            {
              "name": "ADV-2009-1348",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1348"
            },
            {
              "name": "http://www.mega-nerd.com/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/libsndfile/"
            },
            {
              "name": "ADV-2009-1324",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1324"
            },
            {
              "name": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
            },
            {
              "name": "libsndfile-voc-bo(50827)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
            },
            {
              "name": "35247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35247"
            },
            {
              "name": "DSA-1814",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1814"
            },
            {
              "name": "libsndfile-aiff-voc-bo(50541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
            },
            {
              "name": "35076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35076"
            },
            {
              "name": "GLSA-200905-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
            },
            {
              "name": "35126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35126"
            },
            {
              "name": "34978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34978"
            },
            {
              "name": "35443",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35443"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1788",
    "datePublished": "2009-05-26T16:00:00",
    "dateReserved": "2009-05-26T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2009-AVI-203

Description

Solution

CVE-2009-1791 (GCVE-0-2009-1791)

CVE-2009-1788 (GCVE-0-2009-1788)

Tags

Sightings

Nomenclature