CVE-2008-2009
Published: 16 May 2008
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
Notes
Author | Note |
---|---|
mdeslaur | description is misleading, part of the patch applies to recent versions. |
Priority
Status
Package | Release | Status |
---|---|---|
libvorbis | upstream | Released (1.0) |
libvorbis | dapper | Ignored (end of life) |
libvorbis | hardy | Released (1.2.0.dfsg-2ubuntu0.3) |
libvorbis | intrepid | Released (1.2.0.dfsg-3.1ubuntu0.8.10.2) |
libvorbis | jaunty | Released (1.2.0.dfsg-3.1ubuntu0.9.04.2) |
libvorbis | karmic | Not vulnerable (1.2.0.dfsg-6) |

Patches:
upstream: https://trac.xiph.org/changeset/2959
upstream: https://trac.xiph.org/changeset/2960
upstream: https://trac.xiph.org/changeset/14811