CVE-2008-1420
Published: 16 May 2008
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Priority
Notes
Author | Note |
---|---|
mdeslaur | Regression #1: https://trac.xiph.org/ticket/1456 fixes: https://trac.xiph.org/changeset/15532 fixes: https://trac.xiph.org/changeset/15533 Regression #2: https://trac.xiph.org/ticket/1572 fixes: https://trac.xiph.org/changeset/16327 fixes: https://trac.xiph.org/changeset/16552 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518
- https://ubuntu.com/security/notices/USN-682-1
- NVD
- Launchpad
- Debian