CVE-2008-1423

2008-05-16 14:54:00 2017-09-29 03:30:42

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Xiph.org Libvorbis 1.0.0 (not an official CPE) Xiph.org Libvorbis 1.2.0 (not an official CPE) Xiph.org Libvorbis 1.1.1 (not an official CPE) Xiph.org Libvorbis 1.1.0 (not an official CPE) Xiph.org Libvorbis 1.0.1 (not an official CPE) Xiph.org Libvorbis 1.1.2 (not an official CPE)

Xiph.org - Libvorbis

Advisory	Patch	Confirmed	Link
			FEDORA-2008-3910
			FEDORA-2008-3898
			FEDORA-2008-3934
			https://bugzilla.redhat.com/show_bug.cgi?id=440709
			libvorbis-quantvals-quantlist-bo(42403)
			ADV-2008-1510
			USN-682-1
			1020029
			29206
			RHSA-2008:0271
			RHSA-2008:0270
			MDVSA-2008:102
			DSA-1591
			GLSA-200806-09
			SUSE-SR:2008:012

CVE-2008-1423

2008-05-16 14:54:00 2017-09-29 03:30:42

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)