Vulnerability CVE-2009-1791

Vulnerability Name:

CVE-2009-1791 (CCN-50541)

Assigned:

2009-05-14

Published:

2009-05-14

Updated:

2017-08-17

Summary:

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1791

Source: CCN
Type: SA35076
libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35076

Source: SECUNIA
Type: UNKNOWN
35247

Source: SECUNIA
Type: UNKNOWN
35443

Source: GENTOO
Type: UNKNOWN
GLSA-200905-09

Source: CCN
Type: TKADV2009-006
libsndfile/Winamp VOC Processing Heap Buffer

Source: DEBIAN
Type: UNKNOWN
DSA-1814

Source: DEBIAN
Type: DSA-1814
libsndfile -- heap-based buffer overflow

Source: CCN
Type: GLSA-200905-09
libsndfile: User-assisted execution of arbitrary code

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:132

Source: CCN
Type: Libsndfile Web page
ChangeLog

Source: CCN
Type: m3ga blog
libsndfile 1.0.20

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.mega-nerd.com/libsndfile/

Source: CCN
Type: OSVDB ID: 54511
libsndfile src/aiff.c aiff_read_header() Function Overflow

Source: BID
Type: Patch
34978

Source: CCN
Type: BID-34978
libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities

Source: CCN
Type: USN-849-1
libsndfile vulnerabilities

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1324

Source: CCN
Type: Nullsoft Web site
Winamp

Source: XF
Type: UNKNOWN
libsndfile-aiff-voc-bo(50541)

Source: XF
Type: UNKNOWN
libsndfile-aiff-voc-bo(50541)

Source: SUSE
Type: SUSE-SR:2009:013
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:mega-nerd:libsndfile:1.0.15:*:*:*:*:*:*:*

OR cpe:/a:mega-nerd:libsndfile:1.0.16:*:*:*:*:*:*:*

OR cpe:/a:mega-nerd:libsndfile:1.0.17:*:*:*:*:*:*:*

OR cpe:/a:mega-nerd:libsndfile:1.0.18:*:*:*:*:*:*:*

OR cpe:/a:mega-nerd:libsndfile:1.0.19:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.5:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.51:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.52:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.54:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.55:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.541:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.552:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091791	V	CVE-2009-1791	2022-05-20
oval:org.opensuse.security:def:42379	P	Security update for gzip (Important)	2022-05-10
oval:org.opensuse.security:def:42175	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:31321	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:26152	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:32209	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:29437	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:31695	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:31288	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:31689	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:32193	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:31684	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31683	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:31680	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:26108	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:31247	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:26099	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:32154	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:31235	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:31236	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:26094	P	Security update for curl (Moderate)	2021-07-23
oval:org.opensuse.security:def:29401	P	Security update for qemu (Moderate)	2021-07-21
oval:org.opensuse.security:def:31657	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:32137	P	Security update for libsolv (Important)	2021-06-28
oval:org.opensuse.security:def:36217	P	libsndfile-1.0.20-2.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36486	P	libsndfile-devel-1.0.20-2.6.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32936	P	Security update for shim (Important)	2021-06-08
oval:org.opensuse.security:def:42624	P	libsndfile-1.0.20-2.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32105	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26051	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:26050	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:26047	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:31156	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32075	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:26035	P	Security update for apache-commons-io (Moderate)	2021-04-26
oval:org.opensuse.security:def:32897	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:31749	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:31736	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:26201	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:32259	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:26192	P	Security update for php72 (Important)	2021-02-17
oval:org.opensuse.security:def:26111	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:42009	P	libsndfile-1.0.20-2.1.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35972	P	libsndfile-1.0.20-2.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35602	P	libsndfile-1.0.20-2.1.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31082	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35768	P	libsndfile-1.0.20-2.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32001	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:26239	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26714	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28763	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:31439	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31602	P	Security update for tomcat6	2020-12-01
oval:org.opensuse.security:def:32459	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:33180	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25318	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25229	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:25495	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32602	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26254	P	Security update for dia (Moderate)	2020-12-01
oval:org.opensuse.security:def:26971	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26320	P	Security update to go1.4 (Low)	2020-12-01
oval:org.opensuse.security:def:26343	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:28703	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31440	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:32503	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25319	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25357	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:25579	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25997	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26298	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27979	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26377	P	Security update for kauth, kdelibs4 (Important)	2020-12-01
oval:org.opensuse.security:def:26665	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:32567	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31451	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31845	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:32746	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33141	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25330	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25603	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:25730	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26240	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26936	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27980	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28185	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26461	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:28664	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:31890	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:31525	P	Security update for rsyslog	2020-12-01
oval:org.opensuse.security:def:31806	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32349	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:32768	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33489	P	Security update for libsndfile	2020-12-01
oval:org.opensuse.security:def:25522	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:25394	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25660	P	Security update for sane-backends (Important)	2020-12-01
oval:org.opensuse.security:def:25783	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26498	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:27215	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27991	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28269	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26612	P	man on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31824	P	Security update for bash (Low)	2020-12-01
oval:org.opensuse.security:def:32528	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31901	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Moderate)	2020-12-01
oval:org.opensuse.security:def:31893	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:32398	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:32812	P	yast2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25523	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:25726	P	Security update for python36 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25744	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:26542	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31070	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28055	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:28326	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:28615	P	Security update for xorg-x11-libX11	2020-12-01
oval:org.opensuse.security:def:32732	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31993	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32049	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25885	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33450	P	Security update for gmime	2020-12-01
oval:org.opensuse.security:def:25534	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25895	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:26484	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27180	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31071	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28410	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:31785	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32055	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31989	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31769	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32050	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32658	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25929	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25766	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25598	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25864	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26767	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27484	P	libsndfile-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31380	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28562	P	Security update for icu	2020-12-01
oval:org.opensuse.security:def:32693	P	kernel-default on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31990	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32707	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26567	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25767	P	Security update for DirectFB (Important)	2020-12-01
oval:org.opensuse.security:def:25948	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:26445	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26811	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31437	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25153	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32302	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:32293	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:26602	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25778	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26753	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27449	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31453	P	Security update for postgresql10 (Low)	2020-12-01
oval:org.opensuse.security:def:31524	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:31950	P	Security update for grub2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25154	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:32359	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25842	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26396	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:28719	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:31545	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:32437	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25165	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:25438	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:32446	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25871	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26732	P	kvm on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:26281	V	Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19 in Winamp 5.552	2014-10-20
oval:org.mitre.oval:def:13768	P	USN-849-1 -- libsndfile vulnerabilities	2014-06-30
oval:org.mitre.oval:def:7997	P	DSA-1814 libsndfile -- heap-based buffer overflow	2014-06-23
oval:org.mitre.oval:def:13539	P	DSA-1814-1 libsndfile -- heap-based buffer overflow	2014-06-23
oval:org.debian:def:1814	V	heap-based buffer overflow	2009-06-13

BACK