CVE-2009-2206
iPhone OS < 3.1 and iPod touch < 3.1.1 - Remote Code Execution via Crafted AAC or MP3 File
Title source: llmDescription
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022869
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506464/100/0/threaded
Exploit x_refsource_misc
http://www.trapkit.de/advisories/TKADV2009-007.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53180
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36338
Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36677
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3860
Scores
EPSS
0.0463
EPSS Percentile
90.6%
Details
CWE
CWE-119
Status
published
Products (21)
apple/iphone_os
1.0.0
apple/iphone_os
1.0.1
apple/iphone_os
1.0.2
apple/iphone_os
1.1.0
apple/iphone_os
1.1.1
apple/iphone_os
1.1.2
apple/iphone_os
1.1.3
apple/iphone_os
1.1.4
apple/iphone_os
1.1.5
apple/iphone_os
2.0
... and 11 more
Published
Sep 10, 2009
Tracked Since
Feb 18, 2026