CVE-2009-3379

Publication date 29 October 2009

Last updated 24 July 2024


Ubuntu priority

Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy
Not affected
6.06 LTS dapper Ignored end of life
xulrunner-1.9.1 9.10 karmic
Fixed 1.9.1.9+nobinonly-0ubuntu0.9.10.1
9.04 jaunty
Fixed 1.9.1.9+nobinonly-0ubuntu0.9.04.1
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

Notes


mdeslaur

libvorbis: need to also fix a second regression for CVE-2008-1420

References

Related Ubuntu Security Notices (USN)

    • USN-861-1
    • libvorbis vulnerabilities
    • 24 November 2009

Other references