QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0475

Published: Feb 11, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://android.git.kernel.org/?p=platform/external/opencore.git%3Ba=commit%3Bh=7b466cd0ecfdba72c4cbd0f3a8c2001141376b0f

x_refsource_CONFIRM

http://review.source.android.com/Gerrit#change%2C8815

x_refsource_CONFIRM

20090207 [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding

mailing-list

x_refsource_BUGTRAQ

http://www.ocert.org/advisories/ocert-2009-002.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.