Your submission was sent successfully! Close

CVE-2009-2663

Published: 04 August 2009

libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Needs triage

libvorbis
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: https://trac.xiph.org/changeset/16181
Upstream: https://trac.xiph.org/changeset/16182
xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.14)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
Upstream Needs triage