Fluid Attacks Database

Description

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libsndfile	>=0 <1.0.19-1	1.0.19-1
debian 11	libsndfile	>=0 <1.0.19-1	1.0.19-1
debian 13	libsndfile	>=0 <1.0.19-1	1.0.19-1
debian 14	libsndfile	>=0 <1.0.19-1	1.0.19-1

Aliases

1. CVE-2009-01862. NVD-2009-01863. OSV-DEBIAN-2009-01864. OSV-2009-01865. SECURITY-TRACKER-CVE-2009-0186

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.