CVE-2008-2009

Published: 16 May 2008

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Notes

Author: mdeslaur
Note: description is misleading, part of the patch applies to recent versions.

Priority

Low

Status

Package: libvorbis (Launchpad, Ubuntu, Debian)

Release    Status
upstream   Released (1.0)
dapper     Ignored (end of life)
hardy      Released (1.2.0.dfsg-2ubuntu0.3)
intrepid   Released (1.2.0.dfsg-3.1ubuntu0.8.10.2)
jaunty     Released (1.2.0.dfsg-3.1ubuntu0.9.04.2)
karmic     Not vulnerable (1.2.0.dfsg-6)

Patches:
upstream: https://trac.xiph.org/changeset/2959
upstream: https://trac.xiph.org/changeset/2960
upstream: https://trac.xiph.org/changeset/14811