CVE-2009-0186

Publication date 5 March 2009

Last updated 24 July 2024

Ubuntu priority

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libsndfile	8.10 intrepid	Fixed 1.0.17-4ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 1.0.17-4ubuntu0.8.04.1
	7.10 gutsy	Fixed 1.0.17-4ubuntu0.7.10.1
	6.06 LTS dapper	Fixed 1.0.12-3ubuntu1.1

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libsndfile	Vendor: https://bugzilla.redhat.com/attachment.cgi?id=333940

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-749-1
libsndfile vulnerability
30 March 2009

Other references

http://security-tracker.debian.net/tracker/DSA-1742-1
https://www.cve.org/CVERecord?id=CVE-2009-0186