CVE-2008-1423
Published: 16 May 2008
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libvorbis Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.2-0ubuntu2.3)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(1.2.0.dfsg-1ubuntu0.1)
|
|
| hardy |
Released
(1.2.0.dfsg-2ubuntu0.1)
|
|
| intrepid |
Not vulnerable
(1.2.0.dfsg-3.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://trac.xiph.org/changeset/14604 vendor: https://bugzilla.redhat.com/show_bug.cgi?id=440709 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518 |
||