ID CVE-2008-1420
Summary Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 2.1 Advanced Server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:as
  • Red Hat Enterprise Linux 2.1 Enterprise Server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:es
  • Red Hat Enterprise Linux 2.1 Workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:ws
  • Red Hat Enterprise Linux 4.0
    cpe:2.3:o:redhat:enterprise_linux:4.0
  • Red Hat Enterprise Linux Desktop (v.5 client)
    cpe:2.3:o:redhat:enterprise_linux:5:-:client
  • Red Hat Enterprise Linux Desktop Workstation (v.5 client)
    cpe:2.3:o:redhat:enterprise_linux:5:-:client_workstation
  • Red Hat Enterprise Linux 5.0
    cpe:2.3:o:redhat:enterprise_linux:5.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium
  • cpe:2.3:a:xiph.org:libvorbis:1.0.0
  • cpe:2.3:a:xiph.org:libvorbis:1.0.1
  • cpe:2.3:a:xiph.org:libvorbis:1.1.0
  • cpe:2.3:a:xiph.org:libvorbis:1.1.1
  • cpe:2.3:a:xiph.org:libvorbis:1.2.0
  • cpe:2.3:a:xiph.org:libvorbis:1.12
CVSS
Base: 6.8 (as of 08-11-2016 - 10:06)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-825-1.NASL
    description It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-2663) USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1420). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40769
    published 2009-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40769
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : libvorbis vulnerability (USN-825-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1591.NASL
    description Several local (remote) vulnerabilities have been discovered in libvorbis, a library for the Vorbis general-purpose compressed audio codec. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1419 libvorbis does not properly handle a zero value which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. - CVE-2008-1420 Integer overflow in libvorbis allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. - CVE-2008-1423 Integer overflow in libvorbis allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file which triggers a heap overflow.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33077
    published 2008-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33077
    title Debian DSA-1591-1 : libvorbis - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBVORBIS-5259.NASL
    description Several security problems were fixed in libvorbis : - Division by zero. (CVE-2008-1419) - integer overflow. (CVE-2008-1420) - integer overflow. (CVE-2008-1423)
    last seen 2018-09-01
    modified 2016-12-22
    plugin id 32474
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32474
    title SuSE 10 Security Update : libvorbis (ZYPP Patch Number 5259)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200806-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200806-09 (libvorbis: Multiple vulnerabilities) Will Drewry of the Google Security Team reported multiple vulnerabilities in libvorbis: A zero value for 'codebook.dim' is not properly handled, leading to a crash, infinite loop or triggering an integer overflow (CVE-2008-1419). An integer overflow in 'residue partition value' evaluation might lead to a heap-based buffer overflow (CVE-2008-1420). An integer overflow in a certain 'quantvals' and 'quantlist' calculation might lead to a heap-based buffer overflow (CVE-2008-1423). Impact : A remote attacker could exploit these vulnerabilities by enticing a user to open a specially crafted Ogg Vorbis file or network stream with an application using libvorbis. This might lead to the execution of arbitrary code with the privileges of the user playing the file or a Denial of Service by a crash or CPU consumption. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 33245
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33245
    title GLSA-200806-09 : libvorbis: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3910.NASL
    description Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 32342
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32342
    title Fedora 9 : libvorbis-1.2.0-4.fc9 (2008-3910)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12159.NASL
    description Several security problems were fixed in libvorbis : - Division by zero. (CVE-2008-1419) - integer overflow. (CVE-2008-1420) - integer overflow. (CVE-2008-1423)
    last seen 2018-09-01
    modified 2016-12-21
    plugin id 41213
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41213
    title SuSE9 Security Update : libvorbis (YOU Patch Number 12159)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F5A76FAF244C11DDB1430211D880E350.NASL
    description Red Hat reports : Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted [Vorbis] audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 32388
    published 2008-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32388
    title FreeBSD : libvorbis -- various security issues (f5a76faf-244c-11dd-b143-0211d880e350)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3DAC84C9BCE141999784D68AF1EB7B2E.NASL
    description The RedHat Project reports : Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash (NULL pointer dereference or divide by zero), enter an infinite loop or cause heap overflow caused by integer overflow.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85639
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85639
    title FreeBSD : libtremor -- multiple vulnerabilities (3dac84c9-bce1-4199-9784-d68af1eb7b2e)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080514_LIBVORBIS_ON_SL3_X.NASL
    description Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60399
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60399
    title Scientific Linux Security Update : libvorbis on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-102.NASL
    description Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36438
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36438
    title Mandriva Linux Security Advisory : libvorbis (MDVSA-2008:102)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBVORBIS-5258.NASL
    description Several security problems were fixed in libvorbis : - CVE-2008-1419 - Division by zero - CVE-2008-1420 - integer overflow - CVE-2008-1423 - integer overflow
    last seen 2018-09-01
    modified 2016-12-22
    plugin id 32473
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32473
    title openSUSE 10 Security Update : libvorbis (libvorbis-5258)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0270.NASL
    description Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32326
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32326
    title CentOS 3 / 4 / 5 : libvorbis (CESA-2008:0270)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-682-1.NASL
    description It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37207
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37207
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : libvorbis vulnerabilities (USN-682-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0270.NASL
    description From Red Hat Security Advisory 2008:0270 : Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67690
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67690
    title Oracle Linux 3 / 4 / 5 : libvorbis (ELSA-2008-0270)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0271.NASL
    description Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32356
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32356
    title RHEL 2.1 : libvorbis (RHSA-2008:0271)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3898.NASL
    description Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 32339
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32339
    title Fedora 7 : libvorbis-1.1.2-4.fc7 (2008-3898)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0270.NASL
    description Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32355
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32355
    title RHEL 3 / 4 / 5 : libvorbis (RHSA-2008:0270)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3934.NASL
    description Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 32345
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32345
    title Fedora 8 : libvorbis-1.2.0-2.fc8 (2008-3934)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_94EDFF42D93D11DEA4340211D880E350.NASL
    description The Ubuntu security team reports : It was discovered that libvorbis did not correctly handle certain malformed vorbis files. If a user were tricked into opening a specially crafted vorbis file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 42886
    published 2009-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42886
    title FreeBSD : libvorbis -- multiple vulnerabilities (94edff42-d93d-11de-a434-0211d880e350)
oval via4
accepted 2013-04-29T04:19:48.775-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
family unix
id oval:org.mitre.oval:def:9500
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0270
  • rhsa
    id RHSA-2008:0271
rpms
  • libvorbis-1:1.0-10.el3
  • libvorbis-devel-1:1.0-10.el3
  • libvorbis-1:1.1.0-3.el4_6.1
  • libvorbis-devel-1:1.1.0-3.el4_6.1
  • libvorbis-1:1.1.2-3.el5_1.2
  • libvorbis-devel-1:1.1.2-3.el5_1.2
refmap via4
bid 29206
confirm https://bugzilla.redhat.com/show_bug.cgi?id=440706
debian DSA-1591
fedora
  • FEDORA-2008-3898
  • FEDORA-2008-3910
  • FEDORA-2008-3934
gentoo GLSA-200806-09
mandriva MDVSA-2008:102
sectrack 1020029
secunia
  • 30234
  • 30237
  • 30247
  • 30259
  • 30479
  • 30581
  • 30820
  • 32946
  • 36463
suse SUSE-SR:2008:012
ubuntu
  • USN-682-1
  • USN-825-1
vupen ADV-2008-1510
xf libvorbis-residue-bo(42402)
Last major update 08-11-2016 - 13:04
Published 16-05-2008 - 08:54
Last modified 03-10-2018 - 17:53