PT-2009-5828 · Epicdjsoftware · Epicdj

Published

2009-10-02

Updated

2017-09-19

CVE-2009-3537

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EpicDJSoftware EpicDJ version 1.3.9.1

Description The issue is related to multiple stack-based buffer overflows that can be triggered by remote attackers. This can happen when a long string is present in either a .m3u or .mpl playlist file. As a result, attackers can cause a denial of service, leading to an application crash, or potentially execute arbitrary code.

Recommendations For EpicDJSoftware EpicDJ version 1.3.9.1, avoid using long strings in .m3u or .mpl playlist files to minimize the risk of exploitation. Consider restricting the use of these file types until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-3537

Affected Products

Epicdj

PT-2009-5828 · Epicdjsoftware · Epicdj

CVE-2009-3537

Weakness Enumeration

Related Identifiers

Affected Products

References · 5