Your submission was sent successfully! Close

CVE-2008-1420

Published: 16 May 2008

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

Priority

Low

Status

Package Release Status
libvorbis
Launchpad, Ubuntu, Debian 		dapper
Released (1.1.2-0ubuntu2.3)
feisty Needed
(reached end-of-life)
gutsy
Released (1.2.0.dfsg-1ubuntu0.1)
hardy
Released (1.2.0.dfsg-2ubuntu0.1)
intrepid Not vulnerable
(1.2.0.dfsg-3.1)
upstream Needs triage

Notes

AuthorNote
mdeslaur 
Regression #1: https://trac.xiph.org/ticket/1456
fixes: https://trac.xiph.org/changeset/15532
fixes: https://trac.xiph.org/changeset/15533
Regression #2: https://trac.xiph.org/ticket/1572
fixes: https://trac.xiph.org/changeset/16327
fixes: https://trac.xiph.org/changeset/16552

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading