CVE-2009-1791

Publication date 26 May 2009

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
libsndfile 9.04 jaunty
Fixed 1.0.17-4ubuntu1.1
8.10 intrepid
Fixed 1.0.17-4ubuntu0.8.10.2
8.04 LTS hardy
Fixed 1.0.17-4ubuntu0.8.04.2
6.06 LTS dapper Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libsndfile

References

Related Ubuntu Security Notices (USN)

    • USN-849-1
    • libsndfile vulnerabilities
    • 15 October 2009

Other references