CVE-2009-20004

gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
https://web.archive.org/web/20101210055252/http://galan.sourceforge.net/
https://www.exploit-db.com/exploits/10339
https://www.exploit-db.com/exploits/10345
https://www.exploit-db.com/exploits/16664
https://www.fortiguard.com/encyclopedia/ips/18034/galan-galan-file-stack-overflow
https://www.vulncheck.com/advisories/galan-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
https://www.exploit-db.com/exploits/10339
https://www.exploit-db.com/exploits/10345
https://www.exploit-db.com/exploits/16664

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-21 21:15

Updated : 2025-08-22 18:08

NVD link : CVE-2009-20004

Mitre link : CVE-2009-20004

CVE.ORG link : CVE-2009-20004

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2009-20004", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T21:15:33.087", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20101210055252/http://galan.sourceforge.net/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/10339", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/10345", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16664", "source": "disclosure@vulncheck.com"}, {"url": "https://www.fortiguard.com/encyclopedia/ips/18034/galan-galan-file-stack-overflow", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/galan-buffer-overflow", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/10339", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/10345", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/16664", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file."}, {"lang": "es", "value": "gAlan 0.2.1, un entorno modular de procesamiento de audio para Windows, es vulnerable a un desbordamiento de b\u00fafer basado en la pila al analizar archivos .galan. La aplicaci\u00f3n no valida correctamente la longitud de los datos de entrada, lo que permite que un archivo especialmente manipulado sobrescriba la pila y ejecute c\u00f3digo arbitrario. La explotaci\u00f3n requiere interacci\u00f3n local, generalmente convenciendo al usuario para que abra el archivo malicioso."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}