Candidate: CVE-2009-0186
PublicDate: 2009-03-05 02:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0186
 http://security-tracker.debian.net/tracker/DSA-1742-1
 https://ubuntu.com/security/notices/USN-749-1
Description:
 Integer overflow in libsndfile 1.0.18, as used in Winamp and other
 products, allows context-dependent attackers to execute arbitrary code via
 crafted description chunks in a CAF audio file, leading to a heap-based
 buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0186
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libsndfile:
 vendor: https://bugzilla.redhat.com/attachment.cgi?id=333940 (same as upstream)
upstream_libsndfile: released (1.0.19)
dapper_libsndfile: released (1.0.12-3ubuntu1.1)
gutsy_libsndfile: released (1.0.17-4ubuntu0.7.10.1)
hardy_libsndfile: released (1.0.17-4ubuntu0.8.04.1)
intrepid_libsndfile: released (1.0.17-4ubuntu0.8.10.1)
devel_libsndfile: released (1.0.17-4ubuntu1)