Your submission was sent successfully! Close

CVE-2008-2009

Published: 16 May 2008

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Priority

Low

Status

Package Release Status
libvorbis
Launchpad, Ubuntu, Debian
Upstream
Released (1.0)
Patches:
Upstream: https://trac.xiph.org/changeset/2959
Upstream: https://trac.xiph.org/changeset/2960
Upstream: https://trac.xiph.org/changeset/14811