{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T04:52:26.577","vulnerabilities":[{"cve":{"id":"CVE-2009-20004","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-21T21:15:33.087","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file."},{"lang":"es","value":"gAlan 0.2.1, un entorno modular de procesamiento de audio para Windows, es vulnerable a un desbordamiento de búfer basado en la pila al analizar archivos .galan. La aplicación no valida correctamente la longitud de los datos de entrada, lo que permite que un archivo especialmente manipulado sobrescriba la pila y ejecute código arbitrario. La explotación requiere interacción local, generalmente convenciendo al usuario para que abra el archivo malicioso."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb","source":"disclosure@vulncheck.com"},{"url":"https://web.archive.org/web/20101210055252/http://galan.sourceforge.net/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/10339","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/10345","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/16664","source":"disclosure@vulncheck.com"},{"url":"https://www.fortiguard.com/encyclopedia/ips/18034/galan-galan-file-stack-overflow","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/galan-buffer-overflow","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.exploit-db.com/exploits/10339","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.exploit-db.com/exploits/10345","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.exploit-db.com/exploits/16664","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}