ID CVE-2009-0490
Summary Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
References
Vulnerable Configurations
  • cpe:2.3:a:audacityteam:audacity:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.94:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.97:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:0.98:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:audacityteam:audacity:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:audacityteam:audacity:1.3.5:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 07-02-2022 - 19:45)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 33090
confirm http://bugs.gentoo.org/show_bug.cgi?id=253493
exploit-db 7634
mlist [audacity-devel] 20090110 Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow
osvdb 51070
secunia 33356
suse SUSE-SR:2009:004
vupen ADV-2009-0008
Last major update 07-02-2022 - 19:45
Published 10-02-2009 - 01:30
Last modified 07-02-2022 - 19:45
Back to Top