Mandriva Linux Security Advisory 2009-132

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83424/MDVSA-2009-132-1.txt
Source: https://packetstormsecurity.com/files/83424/Mandriva-Linux-Security-Advisory-2009-132.html

