CVE-2009-0490
audacity - arbitrary code execution
EPSS 58.1%
Description
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
How to fix CVE-2009-0490
To remediate CVE-2009-0490, upgrade the affected package to one of the fixed versions listed below.
- Debian/audacity—upgrade to 1.3.6-1 or later
- Debian/audacity—upgrade to 1.3.5-2+lenny1 or later
Is CVE-2009-0490 being exploited?
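Likely: the EPSS score is 58.1%, which is an estimated probability of exploitation rather than a confirmed report of it, and it places CVE-2009-0490 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.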
Affected packages (2)
- Debian/audacity: from 0, < 1.3.6-1
- Debian/audacity: from 0, < 1.3.5-2+lenny1