CVE-2009-1791

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

Published: May 26, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1791
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
nullsoft / winamp	5.552	5.552.x
mega-nerd / libsndfile	1.0.18	1.0.18.x
mega-nerd / libsndfile	1.0.19	1.0.19.x
mega-nerd / libsndfile	1.0.15	1.0.15.x
nullsoft / winamp	5.54	5.54.x
nullsoft / winamp	5.5	5.5.x
mega-nerd / libsndfile	1.0.17	1.0.17.x
nullsoft / winamp	5.55	5.55.x
nullsoft / winamp	5.51	5.51.x
nullsoft / winamp	5.541	5.541.x
nullsoft / winamp	5.52	5.52.x
mega-nerd / libsndfile	1.0.16	1.0.16.x

http://secunia.com/advisories/35076
http://secunia.com/advisories/35247
http://secunia.com/advisories/35443
http://security.gentoo.org/glsa/glsa-200905-09.xml
http://www.debian.org/security/2009/dsa-1814
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/
http://www.mega-nerd.com/libsndfile/
http://www.securityfocus.com/bid/34978
http://www.vupen.com/english/advisories/2009/1324
https://exchange.xforce.ibmcloud.com/vulnerabilities/50541

Vulnerability Database

289,689

CVE-2009-1791