CVE-2009-0186

EPSS 3.2%

libsndfile - arbitrary code execution

Published: 3/5/2009Modified: 3/9/2026

Also known as:DSA-1742-1DEBIAN-CVE-2009-0186

Description

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Affected packages (3)

Debian/libsndfilefrom 0, < 1.0.19-1
Debian/libsndfilefrom 0, < 1.0.16-2+etch1
Debian/libsndfilefrom 0, < 1.0.18-2+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0186