CVE-2009-0136 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2009-0136
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-0136

Description: Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/USN-739-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html ST 1021558 SREASON http://securityreason.com/securityalert/4915 SAID Secunia Advisory: SA33819 Secunia Advisory: SA33640 Secunia Advisory: SA33522 Secunia Advisory: SA34315 Secunia Advisory: SA34407 Secunia Advisory: SA33505 MLIST http://openwall.com/lists/oss-security/2009/01/14/2 MISC http://trapkit.de/advisories/TKADV2009-002.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:030 GENTOO http://security.gentoo.org/glsa/glsa-200903-34.xml FEDORA DEBIAN http://www.debian.org/security/2009/dsa-1706 CONFIRM http://amarok.kde.org/en/releases/2.0.1.1 http://bugs.gentoo.org/show_bug.cgi?id=254896 http://websvn.kde.org/?view=rev&revision=908391 http://websvn.kde.org/?view=rev&revision=908415 http://websvn.kde.org/?view=rev&revision=908401 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/499984/100/0/threaded BID 33210

Return to the previous page.