CVE-2009-1788

EPSS 8.6%

libsndfile - arbitrary code execution

Published: 5/26/2009Modified: 4/28/2026

Description

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

Affected packages (2)

Debian/libsndfilefrom 0, < 1.0.20-1
Debian/libsndfilefrom 0, < 1.0.16-2+etch2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-1788