This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Amarok | First view | 2009-01-16 |
| Product | Amarok | Last view | 2009-01-16 |
| Version | 2.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:amarok:amarok | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2009-01-16 | CVE-2009-0136 | Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. |
| 9.3 | 2009-01-16 | CVE-2009-0135 | Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-189 | Numeric Errors |
| 50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 53459 | Amarok metadata/audible/audibletag.cpp Audible::Tag::readTag Function Audible... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:030-1 (amarok) File : nvt/mdksa_2009_030_1.nasl |
| 2009-03-31 | Name : FreeBSD Ports: amarok File : nvt/freebsd_amarok.nasl |
| 2009-03-31 | Name : Gentoo Security Advisory GLSA 200903-34 (amarok) File : nvt/glsa_200903_34.nasl |
| 2009-03-20 | Name : Ubuntu USN-735-1 (gst-plugins-base0.10) File : nvt/ubuntu_735_1.nasl |
| 2009-03-20 | Name : Ubuntu USN-736-1 (gst-plugins-good0.10) File : nvt/ubuntu_736_1.nasl |
| 2009-03-20 | Name : Ubuntu USN-737-1 (libsoup) File : nvt/ubuntu_737_1.nasl |
| 2009-03-20 | Name : Ubuntu USN-739-1 (amarok) File : nvt/ubuntu_739_1.nasl |
| 2009-02-02 | Name : Mandrake Security Advisory MDVSA-2009:030 (amarok) File : nvt/mdksa_2009_030.nasl |
| 2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
| 2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
| 2009-01-26 | Name : Fedora Core 9 FEDORA-2009-0715 (amarok) File : nvt/fcore_2009_0715.nasl |
| 2009-01-22 | Name : Amarok Player Multiple Vulnerabilities File : nvt/secpod_amarok_mult_vuln_lin.nasl |
| 2009-01-20 | Name : Debian Security Advisory DSA 1706-1 (amarok) File : nvt/deb_1706_1.nasl |
| 2009-01-20 | Name : Fedora Core 10 FEDORA-2009-0550 (amarok) File : nvt/fcore_2009_0550.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2011-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_amarok-5931.nasl - Type: ACT_GATHER_INFO |
| 2009-07-21 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_amarok-090119.nasl - Type: ACT_GATHER_INFO |
| 2009-07-21 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_amarok-090119.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2009-030.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-739-1.nasl - Type: ACT_GATHER_INFO |
| 2009-03-24 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_6bb6188c17b211deae4d0030843d3802.nasl - Type: ACT_GATHER_INFO |
| 2009-03-22 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200903-34.nasl - Type: ACT_GATHER_INFO |
| 2009-01-29 | Name: The remote openSUSE host is missing a security update. File: suse_amarok-5932.nasl - Type: ACT_GATHER_INFO |
| 2009-01-22 | Name: The remote Fedora host is missing a security update. File: fedora_2009-0715.nasl - Type: ACT_GATHER_INFO |
| 2009-01-16 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1706.nasl - Type: ACT_GATHER_INFO |
