PT-2009-6670 · Erik De Castro Lopo · Libsndfile1-Dev+2

Alin Rad Pop · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-0186

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libsndfile versions prior to 1.0.19
libsndfile1-dev (affected versions not specified)
sndfile-programs (affected versions not specified)

Description

The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. An integer overflow in libsndfile 1.0.18 allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

Recommendations

For libsndfile versions prior to 1.0.19, update to version 1.0.19 or later to resolve the issue.
For libsndfile1-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For sndfile-programs, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2015-01928
BDU:2015-01929
BDU:2015-01930
BDU:2015-09377
CVE-2009-0186
DSA-1742-1
DTSA-202-1
OPENSUSE-SU-2024:10148-1
OPENSUSE-SU-2024:10470-1

Affected Products

Libsndfile
Libsndfile1-Dev
Sndfile-Programs