CVE-2009-0186 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-0186 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

EPSS 4.24% · 88.7th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

4.24%

88.7th percentile

Affected Products

Vendor	Product	Versions
mega-nerd	libsndfile	1.0.17, 1.0.14, 1.0.15
nullsoft	winamp	5.55, 5.541
n/a	n/a	n/a

Timeline

Mar 5, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Sep 2, 2023 EPSS Score

References

ADV-2009-0585 vdb
GLSA-200904-16 vendor-advisory
DSA-1742 vendor-advisory
20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability mailing-list
33981 third-party-advisory
33980 third-party-advisory
34642 third-party-advisory
1021784 vdb
34316 third-party-advisory
libsndfile-caf-bo(49038) vdb
34526 third-party-advisory
SUSE-SR:2009:008 vendor-advisory
USN-749-1 vendor-advisory
http://www.mega-nerd.com/libsndfile/NEWS url
ADV-2009-0584 vdb
http://secunia.com/secunia_research/2009-7/ url
33963 vdb
20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability mailing-list
http://secunia.com/secunia_research/2009-8/ url
34791 third-party-advisory

…and 3 more

Open in Interactive Console →