CVE-2008-1420

2008-05-16 14:54:00 2018-10-03 23:53:46

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Xiph.org Libvorbis 1.2.0 (not an official CPE) Xiph.org Libvorbis 1.1.1 (not an official CPE) Xiph.org Libvorbis 1.1.0 (not an official CPE) Xiph.org Libvorbis 1.0.1 (not an official CPE) Xiph.org Libvorbis 1.0.0 (not an official CPE) Xiph.org Libvorbis 1.12 (not an official CPE)

Xiph.org - Libvorbis

Advisory	Patch	Confirmed	Link
			FEDORA-2008-3910
			FEDORA-2008-3898
			libvorbis-residue-bo(42402)
			USN-825-1
			FEDORA-2008-3934
			https://bugzilla.redhat.com/show_bug.cgi?id=440706
			ADV-2008-1510
			USN-682-1
			1020029
			29206
			RHSA-2008:0271
			RHSA-2008:0270
			MDVSA-2008:102
			DSA-1591
			SUSE-SR:2008:012
			GLSA-200806-09

CVE-2008-1420

2008-05-16 14:54:00 2018-10-03 23:53:46

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)