Winamp Libsndfile Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Winamp and is prone to Buffer Overflow vulnerability.

Impact

Attackers may leverage this issue by executing arbitrary codes in the context of the affected application via specially crafted VOC, AIFF files and can cause denial of service. Impact Level: System/Application

Solution

Upgrade to the latest libsndfile version or apply the patch. http://www.mega-nerd.com/libsndfile/ http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html ***** NOTE : Ignore this warning, if above mentioned patch is already applied. *****

Insight

The flaw is generated due to boundary error in 'voc_read_header()' and 'aiff_read_header()' functions in libsndfile.dll while processing VOC and AIFF files with invalid header values.

Affected

Winamp version 5.552 and prior on Windows.

References

http://secunia.com/advisories/35076
http://trapkit.de/advisories/TKADV2009-006.txt
http://www.vupen.com/english/advisories/2009/1324

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1788, CVE-2009-1791
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

DesignWorks Professional '.cct' File BOF Vulnerability
BS.Player '.bsl' File Buffer Overflow Vulnerabilities
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability
ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities

Winamp libsndfile Buffer Overflow Vulnerability

Take action and discover your vulnerabilities