CNNVD-202508-2547 Information

CNNVD ID

CNNVD-202508-2547

CVE-2009-20004

  • CNNVD Published: 2025-08-21

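Description (translated from Chinese)

gAlan is a graphical programming environment for real-time audio and MIDI from the gAlan company. gAlan version 0.2.1 contains a security vulnerability caused by not validating input length when parsing .galan files, which may lead to a stack buffer overflow and arbitrary code execution.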

Description (English)

gAlan is a real-time audio and MIDI graphical programming environment from gAlan. Version 0.2.1 of gAlan has a security vulnerability that stems from the failure to verify input length when parsing .galan files, which may result in a stack buffer overflow and the execution of arbitrary code.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

GALAYOU

Published

2025-08-21

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/galan-buffer-overflow
  • https://www.fortiguard.com/encyclopedia/ips/18034/galan-galan-file-stack-overflow
  • https://www.exploit-db.com/exploits/16664
  • https://www.exploit-db.com/exploits/10345
  • https://www.exploit-db.com/exploits/10339
  • http://galan.sourceforge.net/
  • https://web.archive.org/web/20101210055252/
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
  • https://nvd.nist.gov/vuln/detail/CVE-2009-20004
