CVE - CVE-2009-0136

CVE-ID
CVE-2009-0136	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:33210 URL:http://www.securityfocus.com/bid/33210 BUGTRAQ:20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities URL:http://www.securityfocus.com/archive/1/499984/100/0/threaded CONFIRM:http://amarok.kde.org/en/releases/2.0.1.1 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=254896 CONFIRM:http://websvn.kde.org/?view=rev&revision=908391 CONFIRM:http://websvn.kde.org/?view=rev&revision=908401 CONFIRM:http://websvn.kde.org/?view=rev&revision=908415 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=479560 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=479946 DEBIAN:DSA-1706 URL:http://www.debian.org/security/2009/dsa-1706 FEDORA:FEDORA-2009-0715 URL:https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html GENTOO:GLSA-200903-34 URL:http://security.gentoo.org/glsa/glsa-200903-34.xml MANDRIVA:MDVSA-2009:030 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:030 MISC:http://trapkit.de/advisories/TKADV2009-002.txt MLIST:[oss-security] 20090114 CVE Request -- amarok URL:http://openwall.com/lists/oss-security/2009/01/14/2 SECTRACK:1021558 URL:http://www.securitytracker.com/id?1021558 SECUNIA:33505 URL:http://secunia.com/advisories/33505 SECUNIA:33522 URL:http://secunia.com/advisories/33522 SECUNIA:33640 URL:http://secunia.com/advisories/33640 SECUNIA:33819 URL:http://secunia.com/advisories/33819 SECUNIA:34315 URL:http://secunia.com/advisories/34315 SECUNIA:34407 URL:http://secunia.com/advisories/34407 SREASON:4915 URL:http://securityreason.com/securityalert/4915 SUSE:SUSE-SR:2009:003 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html UBUNTU:USN-739-1 URL:http://www.ubuntu.com/usn/USN-739-1 VUPEN:ADV-2009-0100 URL:http://www.vupen.com/english/advisories/2009/0100
Assigning CNA
MITRE Corporation
Date Record Created
20090116	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)