Your submission was sent successfully! Close

CVE-2008-2009

Published: 16 May 2008

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Priority

Low

Status

Package Release Status
libvorbis
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy
Released (1.2.0.dfsg-2ubuntu0.3)
intrepid
Released (1.2.0.dfsg-3.1ubuntu0.8.10.2)
jaunty
Released (1.2.0.dfsg-3.1ubuntu0.9.04.2)
karmic Not vulnerable
(1.2.0.dfsg-6)
upstream
Released (1.0)
Patches:
upstream: https://trac.xiph.org/changeset/2959
upstream: https://trac.xiph.org/changeset/2960
upstream: https://trac.xiph.org/changeset/14811