CVE-2008-1420
Published: 16 May 2008
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Notes
| Author | Note |
|---|---|
| mdeslaur | Regression #1: https://trac.xiph.org/ticket/1456 fixes: https://trac.xiph.org/changeset/15532 fixes: https://trac.xiph.org/changeset/15533 Regression #2: https://trac.xiph.org/ticket/1572 fixes: https://trac.xiph.org/changeset/16327 fixes: https://trac.xiph.org/changeset/16552 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libvorbis Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.2-0ubuntu2.3)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(1.2.0.dfsg-1ubuntu0.1)
|
|
| hardy |
Released
(1.2.0.dfsg-2ubuntu0.1)
|
|
| intrepid |
Not vulnerable
(1.2.0.dfsg-3.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://trac.xiph.org/changeset/14598 vendor: https://bugzilla.redhat.com/show_bug.cgi?id=440706 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518 |
||