CVE-2009-0490

Name of the Vulnerable Software and Affected Versions Audacity versions 1.2.6 through 1.3.5

Description The issue is a stack-based buffer overflow in the String parse::get nonspace quoted function, which can be triggered by a .gro file containing a long string. This allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Recommendations For Audacity versions 1.2.6 through 1.3.5, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of .gro files containing long strings until a patch is applied.