CVE-2009-1788
libsndfile - arbitrary code execution
EPSS 8.6%
Description
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
How to fix CVE-2009-1788
To remediate CVE-2009-1788, upgrade the affected package to one of the fixed versions listed below.
- Debian/libsndfile—upgrade to 1.0.20-1 or later
- Debian/libsndfile—upgrade to 1.0.16-2+etch2 or later
Is CVE-2009-1788 being exploited?
Moderate — EPSS is 8.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/libsndfile: from 0, < 1.0.20-1
- Debian/libsndfile: from 0, < 1.0.16-2+etch2