CVE-2009-2663

Published: 4 August 2009

libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

Notes

Author: mdeslaur
Note: added libvorbis; PoC in RH bug

Priority

Medium

Status

Package Release Status
firefox
dapper Ignored (reached end-of-life)
hardy Not vulnerable
intrepid Does not exist
jaunty Does not exist
karmic Does not exist
upstream Needs triage

libvorbis
dapper Ignored (reached end-of-life)
hardy Released (1.2.0.dfsg-2ubuntu0.2)
intrepid Released (1.2.0.dfsg-3.1ubuntu0.8.10.1)
jaunty Released (1.2.0.dfsg-3.1ubuntu0.9.04.1)
karmic Not vulnerable (1.2.0.dfsg-6)
upstream Needs triage

Patches:
upstream: https://trac.xiph.org/changeset/16181
upstream: https://trac.xiph.org/changeset/16182

xulrunner-1.9
dapper Does not exist
hardy Not vulnerable (1.9.0.14)
intrepid Not vulnerable (1.9.0.14)
jaunty Not vulnerable (1.9.0.14)
karmic Does not exist
upstream Released (1.9.0.14)

xulrunner-1.9.1
dapper Does not exist
hardy Does not exist
intrepid Does not exist
jaunty Released (1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2)
karmic Not vulnerable
upstream Needs triage