CVE-2009-20004

gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
https://web.archive.org/web/20101210055252/http://galan.sourceforge.net/
https://www.exploit-db.com/exploits/10339
https://www.exploit-db.com/exploits/10345
https://www.exploit-db.com/exploits/16664
https://www.fortiguard.com/encyclopedia/ips/18034/galan-galan-file-stack-overflow
https://www.vulncheck.com/advisories/galan-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
https://www.exploit-db.com/exploits/10339
https://www.exploit-db.com/exploits/10345
https://www.exploit-db.com/exploits/16664

Configurations

No configuration.

History

22 Aug 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) gAlan 0.2.1, un entorno modular de procesamiento de audio para Windows, es vulnerable a un desbordamiento de búfer basado en la pila al analizar archivos .galan. La aplicación no valida correctamente la longitud de los datos de entrada, lo que permite que un archivo especialmente manipulado sobrescriba la pila y ejecute código arbitrario. La explotación requiere interacción local, generalmente convenciendo al usuario para que abra el archivo malicioso.
References	~~() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb -~~	() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb -
References	~~() https://www.exploit-db.com/exploits/10339 -~~	() https://www.exploit-db.com/exploits/10339 -
References	~~() https://www.exploit-db.com/exploits/10345 -~~	() https://www.exploit-db.com/exploits/10345 -
References	~~() https://www.exploit-db.com/exploits/16664 -~~	() https://www.exploit-db.com/exploits/16664 -

21 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 21:15

Updated : 2025-08-22 18:08

NVD link : CVE-2009-20004

Mitre link : CVE-2009-20004

CVE.ORG link : CVE-2009-20004

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

JSON object

Attach tags to CVE-2009-20004

Attach tags to `CVE-2009-20004`