CVE-2009-1791

Name of the Vulnerable Software and Affected Versions libsndfile versions 1.0.15 through 1.0.19 libsndfile version prior to 1.0.20

Description The issue concerns multiple vulnerabilities in the libsndfile package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in the aiff read header function can be triggered by an AIFF file with an invalid header value, potentially allowing remote attackers to cause a denial of service or execute arbitrary code.

Recommendations For libsndfile versions 1.0.15 through 1.0.19, update to version 1.0.20 or later to resolve the issue. For libsndfile version prior to 1.0.20, update to version 1.0.20 or later to resolve the issue. As a temporary workaround, consider restricting the use of AIFF files or disabling the aiff read header function until a patch is available.