CVE-2008-1420
Published: 16 May 2008
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
libvorbis Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
Patches: Upstream: https://trac.xiph.org/changeset/14598 Vendor: https://bugzilla.redhat.com/show_bug.cgi?id=440706 Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518 |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | Regression #1: https://trac.xiph.org/ticket/1456 fixes: https://trac.xiph.org/changeset/15532 fixes: https://trac.xiph.org/changeset/15533 Regression #2: https://trac.xiph.org/ticket/1572 fixes: https://trac.xiph.org/changeset/16327 fixes: https://trac.xiph.org/changeset/16552 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518
- https://ubuntu.com/security/notices/USN-682-1
- NVD
- Launchpad
- Debian