Unrated severityNVD Advisory· Published Jan 16, 2009· Updated Jun 16, 2026
CVE-2009-0136
CVE-2009-0136
Description
Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4Patches
Vulnerability mechanics
References
26- trapkit.de/advisories/TKADV2009-002.txtnvdExploit
- amarok.kde.org/en/releases/2.0.1.1nvdVendor Advisory
- secunia.com/advisories/33505nvdVendor Advisory
- bugs.gentoo.org/show_bug.cginvd
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlnvd
- openwall.com/lists/oss-security/2009/01/14/2nvd
- secunia.com/advisories/33522nvd
- secunia.com/advisories/33640nvd
- secunia.com/advisories/33819nvd
- secunia.com/advisories/34315nvd
- secunia.com/advisories/34407nvd
- security.gentoo.org/glsa/glsa-200903-34.xmlnvd
- securityreason.com/securityalert/4915nvd
- websvn.kde.orgnvd
- websvn.kde.orgnvd
- websvn.kde.orgnvd
- www.debian.org/security/2009/dsa-1706nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/archive/1/499984/100/0/threadednvd
- www.securityfocus.com/bid/33210nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/USN-739-1nvd
- www.vupen.com/english/advisories/2009/0100nvd
- bugzilla.redhat.com/show_bug.cginvd
- bugzilla.redhat.com/show_bug.cginvd
- www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.htmlnvd
News mentions
0No linked articles in our index yet.