CVE-2009-1788

Name of the Vulnerable Software and Affected Versions libsndfile versions 1.0.15 through 1.0.19

Description The issue is related to a heap-based buffer overflow in the voc read header function of libsndfile, which can be exploited by remote attackers via a VOC file with an invalid header value. This can cause a denial of service (application crash) and possibly allow the execution of arbitrary code. Additionally, there are multiple vulnerabilities in libsndfile prior to version 1.0.20 that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For libsndfile versions 1.0.15 through 1.0.19, update to version 1.0.20 or later to resolve the issue. As a temporary workaround, consider avoiding the use of VOC files with invalid header values until a patch is available.