| ID |
CVE-2009-0136
|
| Summary |
Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:amarok:amarok:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:amarok:amarok:1.4.10:*:*:*:*:*:*:*
-
cpe:2.3:a:amarok:amarok:2.0:*:*:*:*:*:*:*
cpe:2.3:a:amarok:amarok:2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:amarok:amarok:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:amarok:amarok:2.0.1:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 11-10-2018 - 20:59) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 33210 | | bugtraq | 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities | | confirm | | | debian | DSA-1706 | | fedora | FEDORA-2009-0715 | | gentoo | GLSA-200903-34 | | mandriva | MDVSA-2009:030 | | misc | http://trapkit.de/advisories/TKADV2009-002.txt | | mlist | [oss-security] 20090114 CVE Request -- amarok | | sectrack | 1021558 | | secunia | - 33505
- 33522
- 33640
- 33819
- 34315
- 34407
| | sreason | 4915 | | suse | SUSE-SR:2009:003 | | ubuntu | USN-739-1 | | vupen | ADV-2009-0100 |
|
| Last major update |
11-10-2018 - 20:59 |
| Published |
16-01-2009 - 18:30 |
| Last modified |
11-10-2018 - 20:59 |
