Core · Opencore · CVE-2009-0475
**Name of the Vulnerable Software and Affected Versions**
OpenCORE versions 2.0 and earlier
**Description**
The issue is related to an integer underflow in the Huffman decoding functionality, specifically in the pvmp3 huffman parsing.cpp file. This allows remote attackers to cause a denial of service, resulting in a process crash, and potentially execute arbitrary code via a crafted MP3 file that triggers heap corruption.
**Recommendations**
For OpenCORE versions 2.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.