CVE-2009-0135
Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.
Affected products
n/a · n/a
References
http://amarok.kde.org/en/releases/2.0.1.1
http://bugs.gentoo.org/show_bug.cgi?id=254896
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://openwall.com/lists/oss-security/2009/01/14/2
https://bugzilla.redhat.com/show_bug.cgi?id=479560
https://bugzilla.redhat.com/show_bug.cgi?id=479946
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407