csaf_redhat - rhsa-2008

rhsa-2008_0271

Vulnerability from csaf_redhat

Published

2008-05-14 07:35

Modified

2024-11-22 01:59

Summary

Red Hat Security Advisory: libvorbis security update

Notes

Topic

Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated libvorbis packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libvorbis packages contain runtime libraries for use in programs that\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nWill Drewry of the Google Security Team reported several flaws in the way\nlibvorbis processed audio data. An attacker could create a carefully\ncrafted OGG audio file in such a way that it could cause an application\nlinked with libvorbis to crash, or execute arbitrary code when it was\nopened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009)\n\nMoreover, additional OGG file sanity-checks have been added to prevent\npossible exploitation of similar issues in the future.\n\nUsers of libvorbis are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0271",
        "url": "https://access.redhat.com/errata/RHSA-2008:0271"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "440700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440700"
      },
      {
        "category": "external",
        "summary": "440706",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440706"
      },
      {
        "category": "external",
        "summary": "440709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440709"
      },
      {
        "category": "external",
        "summary": "444443",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444443"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0271.json"
      }
    ],
    "title": "Red Hat Security Advisory: libvorbis security update",
    "tracking": {
      "current_release_date": "2024-11-22T01:59:39+00:00",
      "generator": {
        "date": "2024-11-22T01:59:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0271",
      "initial_release_date": "2008-05-14T07:35:00+00:00",
      "revision_history": [
        {
          "date": "2008-05-14T07:35:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-05-14T03:35:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T01:59:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "2.1AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "2.1AW",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "2.1ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "2.1WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
                "product": {
                  "name": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
                  "product_id": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis-devel@1.0rc2-9.el2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvorbis-0:1.0rc2-9.el2.ia64",
                "product": {
                  "name": "libvorbis-0:1.0rc2-9.el2.ia64",
                  "product_id": "libvorbis-0:1.0rc2-9.el2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis@1.0rc2-9.el2?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvorbis-0:1.0rc2-9.el2.src",
                "product": {
                  "name": "libvorbis-0:1.0rc2-9.el2.src",
                  "product_id": "libvorbis-0:1.0rc2-9.el2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis@1.0rc2-9.el2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvorbis-devel-0:1.0rc2-9.el2.i386",
                "product": {
                  "name": "libvorbis-devel-0:1.0rc2-9.el2.i386",
                  "product_id": "libvorbis-devel-0:1.0rc2-9.el2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis-devel@1.0rc2-9.el2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvorbis-0:1.0rc2-9.el2.i386",
                "product": {
                  "name": "libvorbis-0:1.0rc2-9.el2.i386",
                  "product_id": "libvorbis-0:1.0rc2-9.el2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis@1.0rc2-9.el2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.src as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-0:1.0rc2-9.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.src",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.src as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-0:1.0rc2-9.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.src",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.src as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-0:1.0rc2-9.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.src",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-9.el2.src as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-0:1.0rc2-9.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-9.el2.src",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-9.el2.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-9.el2.ia64",
        "relates_to_product_reference": "2.1WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-1419",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2008-03-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440700"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1419"
        },
        {
          "category": "external",
          "summary": "RHBZ#440700",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440700"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1419"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1419",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1419"
        }
      ],
      "release_date": "2008-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-14T07:35:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0271"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow"
    },
    {
      "cve": "CVE-2008-1420",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2008-03-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440706"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vorbis: integer overflow in partvals computation",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1420"
        },
        {
          "category": "external",
          "summary": "RHBZ#440706",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440706"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1420"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1420",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1420"
        }
      ],
      "release_date": "2008-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-14T07:35:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0271"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vorbis: integer overflow in partvals computation"
    },
    {
      "cve": "CVE-2008-1423",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2008-03-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440709"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vorbis: integer oveflow caused by huge codebooks",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1423"
        },
        {
          "category": "external",
          "summary": "RHBZ#440709",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440709"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1423",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1423"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1423",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1423"
        }
      ],
      "release_date": "2008-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-14T07:35:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0271"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vorbis: integer oveflow caused by huge codebooks"
    },
    {
      "cve": "CVE-2008-2009",
      "discovery_date": "2008-04-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "444443"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vorbis: insufficient validation of Huffman tree causing memory corruption in _make_decode_tree()",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2009"
        },
        {
          "category": "external",
          "summary": "RHBZ#444443",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444443"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2009"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2009",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2009"
        }
      ],
      "release_date": "2008-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-14T07:35:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-9.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-9.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-9.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-9.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0271"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vorbis: insufficient validation of Huffman tree causing memory corruption in _make_decode_tree()"
    }
  ]
}

cve-2008-2009

Vulnerability from cvelistv5

Published

2008-05-16 06:54

Modified

2024-08-07 08:41

Severity ?

Summary

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=444443	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-0271.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1020029	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-861-1	vendor-advisory, x_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2008/1510/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30247	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/42521	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:41:00.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444443"
          },
          {
            "name": "RHSA-2008:0271",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
          },
          {
            "name": "1020029",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020029"
          },
          {
            "name": "USN-861-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-861-1"
          },
          {
            "name": "ADV-2008-1510",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1510/references"
          },
          {
            "name": "30247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30247"
          },
          {
            "name": "libvorbis-makedecodetree-dos(42521)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444443"
        },
        {
          "name": "RHSA-2008:0271",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
        },
        {
          "name": "1020029",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020029"
        },
        {
          "name": "USN-861-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-861-1"
        },
        {
          "name": "ADV-2008-1510",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1510/references"
        },
        {
          "name": "30247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30247"
        },
        {
          "name": "libvorbis-makedecodetree-dos(42521)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42521"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2009",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-04-29T00:00:00",
    "dateUpdated": "2024-08-07T08:41:00.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1423

Vulnerability from cvelistv5

Published

2008-05-16 06:54

Modified

2024-08-07 08:24

Severity ?

Summary

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

References

▼	URL	Tags
	http://secunia.com/advisories/30234	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0270.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=440709	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2008/dsa-1591	vendor-advisory, x_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html	vendor-advisory, x_refsource_FEDORA
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html	vendor-advisory, x_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2008-0271.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1020029	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/42403	vdb-entry, x_refsource_XF
	http://www.ubuntu.com/usn/USN-682-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/30237	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200806-09.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30479	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/29206	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/30259	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1510/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30247	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30820	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html	vendor-advisory, x_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:102	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/32946	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/30581	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30234"
          },
          {
            "name": "RHSA-2008:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440709"
          },
          {
            "name": "SUSE-SR:2008:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
          },
          {
            "name": "DSA-1591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1591"
          },
          {
            "name": "FEDORA-2008-3910",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
          },
          {
            "name": "FEDORA-2008-3898",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
          },
          {
            "name": "RHSA-2008:0271",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
          },
          {
            "name": "1020029",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020029"
          },
          {
            "name": "libvorbis-quantvals-quantlist-bo(42403)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42403"
          },
          {
            "name": "USN-682-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-682-1"
          },
          {
            "name": "30237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30237"
          },
          {
            "name": "GLSA-200806-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
          },
          {
            "name": "30479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30479"
          },
          {
            "name": "29206",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29206"
          },
          {
            "name": "30259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30259"
          },
          {
            "name": "ADV-2008-1510",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1510/references"
          },
          {
            "name": "30247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30247"
          },
          {
            "name": "30820",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30820"
          },
          {
            "name": "FEDORA-2008-3934",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
          },
          {
            "name": "MDVSA-2008:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
          },
          {
            "name": "32946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32946"
          },
          {
            "name": "oval:org.mitre.oval:def:9851",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851"
          },
          {
            "name": "30581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30234"
        },
        {
          "name": "RHSA-2008:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440709"
        },
        {
          "name": "SUSE-SR:2008:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
        },
        {
          "name": "DSA-1591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1591"
        },
        {
          "name": "FEDORA-2008-3910",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
        },
        {
          "name": "FEDORA-2008-3898",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
        },
        {
          "name": "RHSA-2008:0271",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
        },
        {
          "name": "1020029",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020029"
        },
        {
          "name": "libvorbis-quantvals-quantlist-bo(42403)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42403"
        },
        {
          "name": "USN-682-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-682-1"
        },
        {
          "name": "30237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30237"
        },
        {
          "name": "GLSA-200806-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
        },
        {
          "name": "30479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30479"
        },
        {
          "name": "29206",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29206"
        },
        {
          "name": "30259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30259"
        },
        {
          "name": "ADV-2008-1510",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1510/references"
        },
        {
          "name": "30247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30247"
        },
        {
          "name": "30820",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30820"
        },
        {
          "name": "FEDORA-2008-3934",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
        },
        {
          "name": "MDVSA-2008:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
        },
        {
          "name": "32946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32946"
        },
        {
          "name": "oval:org.mitre.oval:def:9851",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851"
        },
        {
          "name": "30581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30581"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30234",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30234"
            },
            {
              "name": "RHSA-2008:0270",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=440709",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440709"
            },
            {
              "name": "SUSE-SR:2008:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
            },
            {
              "name": "DSA-1591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1591"
            },
            {
              "name": "FEDORA-2008-3910",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
            },
            {
              "name": "FEDORA-2008-3898",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
            },
            {
              "name": "RHSA-2008:0271",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
            },
            {
              "name": "1020029",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020029"
            },
            {
              "name": "libvorbis-quantvals-quantlist-bo(42403)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42403"
            },
            {
              "name": "USN-682-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-682-1"
            },
            {
              "name": "30237",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30237"
            },
            {
              "name": "GLSA-200806-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
            },
            {
              "name": "30479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30479"
            },
            {
              "name": "29206",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29206"
            },
            {
              "name": "30259",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30259"
            },
            {
              "name": "ADV-2008-1510",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1510/references"
            },
            {
              "name": "30247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30247"
            },
            {
              "name": "30820",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30820"
            },
            {
              "name": "FEDORA-2008-3934",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
            },
            {
              "name": "MDVSA-2008:102",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
            },
            {
              "name": "32946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32946"
            },
            {
              "name": "oval:org.mitre.oval:def:9851",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851"
            },
            {
              "name": "30581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30581"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1423",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-03-20T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1420

Vulnerability from cvelistv5

Published

2008-05-16 06:54

Modified

2024-08-07 08:24

Severity ?

Summary

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

References

▼	URL	Tags
	https://usn.ubuntu.com/825-1/	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/30234	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0270.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=440706	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2008/dsa-1591	vendor-advisory, x_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html	vendor-advisory, x_refsource_FEDORA
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html	vendor-advisory, x_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2008-0271.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1020029	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-682-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/30237	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200806-09.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30479	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/36463	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/29206	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/30259	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1510/references	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/30247	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30820	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html	vendor-advisory, x_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:102	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/32946	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30581	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/42402	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:41.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-825-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/825-1/"
          },
          {
            "name": "30234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30234"
          },
          {
            "name": "RHSA-2008:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440706"
          },
          {
            "name": "SUSE-SR:2008:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
          },
          {
            "name": "DSA-1591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1591"
          },
          {
            "name": "FEDORA-2008-3910",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
          },
          {
            "name": "FEDORA-2008-3898",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
          },
          {
            "name": "RHSA-2008:0271",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
          },
          {
            "name": "1020029",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020029"
          },
          {
            "name": "USN-682-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-682-1"
          },
          {
            "name": "30237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30237"
          },
          {
            "name": "GLSA-200806-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
          },
          {
            "name": "30479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30479"
          },
          {
            "name": "36463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36463"
          },
          {
            "name": "29206",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29206"
          },
          {
            "name": "30259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30259"
          },
          {
            "name": "ADV-2008-1510",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1510/references"
          },
          {
            "name": "oval:org.mitre.oval:def:9500",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500"
          },
          {
            "name": "30247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30247"
          },
          {
            "name": "30820",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30820"
          },
          {
            "name": "FEDORA-2008-3934",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
          },
          {
            "name": "MDVSA-2008:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
          },
          {
            "name": "32946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32946"
          },
          {
            "name": "30581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30581"
          },
          {
            "name": "libvorbis-residue-bo(42402)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42402"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-825-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/825-1/"
        },
        {
          "name": "30234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30234"
        },
        {
          "name": "RHSA-2008:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440706"
        },
        {
          "name": "SUSE-SR:2008:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
        },
        {
          "name": "DSA-1591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1591"
        },
        {
          "name": "FEDORA-2008-3910",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
        },
        {
          "name": "FEDORA-2008-3898",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
        },
        {
          "name": "RHSA-2008:0271",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
        },
        {
          "name": "1020029",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020029"
        },
        {
          "name": "USN-682-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-682-1"
        },
        {
          "name": "30237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30237"
        },
        {
          "name": "GLSA-200806-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
        },
        {
          "name": "30479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30479"
        },
        {
          "name": "36463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36463"
        },
        {
          "name": "29206",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29206"
        },
        {
          "name": "30259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30259"
        },
        {
          "name": "ADV-2008-1510",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1510/references"
        },
        {
          "name": "oval:org.mitre.oval:def:9500",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500"
        },
        {
          "name": "30247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30247"
        },
        {
          "name": "30820",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30820"
        },
        {
          "name": "FEDORA-2008-3934",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
        },
        {
          "name": "MDVSA-2008:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
        },
        {
          "name": "32946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32946"
        },
        {
          "name": "30581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30581"
        },
        {
          "name": "libvorbis-residue-bo(42402)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42402"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1420",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-825-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/825-1/"
            },
            {
              "name": "30234",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30234"
            },
            {
              "name": "RHSA-2008:0270",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=440706",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440706"
            },
            {
              "name": "SUSE-SR:2008:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
            },
            {
              "name": "DSA-1591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1591"
            },
            {
              "name": "FEDORA-2008-3910",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
            },
            {
              "name": "FEDORA-2008-3898",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
            },
            {
              "name": "RHSA-2008:0271",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
            },
            {
              "name": "1020029",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020029"
            },
            {
              "name": "USN-682-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-682-1"
            },
            {
              "name": "30237",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30237"
            },
            {
              "name": "GLSA-200806-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
            },
            {
              "name": "30479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30479"
            },
            {
              "name": "36463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36463"
            },
            {
              "name": "29206",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29206"
            },
            {
              "name": "30259",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30259"
            },
            {
              "name": "ADV-2008-1510",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1510/references"
            },
            {
              "name": "oval:org.mitre.oval:def:9500",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500"
            },
            {
              "name": "30247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30247"
            },
            {
              "name": "30820",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30820"
            },
            {
              "name": "FEDORA-2008-3934",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
            },
            {
              "name": "MDVSA-2008:102",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
            },
            {
              "name": "32946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32946"
            },
            {
              "name": "30581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30581"
            },
            {
              "name": "libvorbis-residue-bo(42402)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42402"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1420",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-03-20T00:00:00",
    "dateUpdated": "2024-08-07T08:24:41.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1419

Vulnerability from cvelistv5

Published

2008-05-16 06:54

Modified

2024-08-07 08:24

Severity ?

Summary

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/42400	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/30234	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0270.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2008/dsa-1591	vendor-advisory, x_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/42397	vdb-entry, x_refsource_XF
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html	vendor-advisory, x_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2008-0271.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1020029	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-682-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/30237	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200806-09.xml	vendor-advisory, x_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/30479	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/29206	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/30259	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1510/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30247	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30820	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html	vendor-advisory, x_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:102	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/32946	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30581	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=440700	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:41.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "libvorbis-ogg-dos(42400)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42400"
          },
          {
            "name": "30234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30234"
          },
          {
            "name": "RHSA-2008:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
          },
          {
            "name": "SUSE-SR:2008:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
          },
          {
            "name": "DSA-1591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1591"
          },
          {
            "name": "FEDORA-2008-3910",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
          },
          {
            "name": "libvorbis-ogg-bo(42397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42397"
          },
          {
            "name": "FEDORA-2008-3898",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
          },
          {
            "name": "RHSA-2008:0271",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
          },
          {
            "name": "1020029",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020029"
          },
          {
            "name": "USN-682-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-682-1"
          },
          {
            "name": "30237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30237"
          },
          {
            "name": "GLSA-200806-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:10104",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104"
          },
          {
            "name": "30479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30479"
          },
          {
            "name": "29206",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29206"
          },
          {
            "name": "30259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30259"
          },
          {
            "name": "ADV-2008-1510",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1510/references"
          },
          {
            "name": "30247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30247"
          },
          {
            "name": "30820",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30820"
          },
          {
            "name": "FEDORA-2008-3934",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
          },
          {
            "name": "MDVSA-2008:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
          },
          {
            "name": "32946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32946"
          },
          {
            "name": "30581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "libvorbis-ogg-dos(42400)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42400"
        },
        {
          "name": "30234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30234"
        },
        {
          "name": "RHSA-2008:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
        },
        {
          "name": "SUSE-SR:2008:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
        },
        {
          "name": "DSA-1591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1591"
        },
        {
          "name": "FEDORA-2008-3910",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
        },
        {
          "name": "libvorbis-ogg-bo(42397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42397"
        },
        {
          "name": "FEDORA-2008-3898",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
        },
        {
          "name": "RHSA-2008:0271",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
        },
        {
          "name": "1020029",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020029"
        },
        {
          "name": "USN-682-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-682-1"
        },
        {
          "name": "30237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30237"
        },
        {
          "name": "GLSA-200806-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:10104",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104"
        },
        {
          "name": "30479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30479"
        },
        {
          "name": "29206",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29206"
        },
        {
          "name": "30259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30259"
        },
        {
          "name": "ADV-2008-1510",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1510/references"
        },
        {
          "name": "30247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30247"
        },
        {
          "name": "30820",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30820"
        },
        {
          "name": "FEDORA-2008-3934",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
        },
        {
          "name": "MDVSA-2008:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
        },
        {
          "name": "32946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32946"
        },
        {
          "name": "30581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440700"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1419",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "libvorbis-ogg-dos(42400)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42400"
            },
            {
              "name": "30234",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30234"
            },
            {
              "name": "RHSA-2008:0270",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html"
            },
            {
              "name": "SUSE-SR:2008:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
            },
            {
              "name": "DSA-1591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1591"
            },
            {
              "name": "FEDORA-2008-3910",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html"
            },
            {
              "name": "libvorbis-ogg-bo(42397)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42397"
            },
            {
              "name": "FEDORA-2008-3898",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html"
            },
            {
              "name": "RHSA-2008:0271",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html"
            },
            {
              "name": "1020029",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020029"
            },
            {
              "name": "USN-682-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-682-1"
            },
            {
              "name": "30237",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30237"
            },
            {
              "name": "GLSA-200806-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:10104",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104"
            },
            {
              "name": "30479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30479"
            },
            {
              "name": "29206",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29206"
            },
            {
              "name": "30259",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30259"
            },
            {
              "name": "ADV-2008-1510",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1510/references"
            },
            {
              "name": "30247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30247"
            },
            {
              "name": "30820",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30820"
            },
            {
              "name": "FEDORA-2008-3934",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html"
            },
            {
              "name": "MDVSA-2008:102",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102"
            },
            {
              "name": "32946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32946"
            },
            {
              "name": "30581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30581"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=440700",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440700"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1419",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-03-20T00:00:00",
    "dateUpdated": "2024-08-07T08:24:41.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2008_0271

Vulnerability from csaf_redhat

cve-2008-2009

Vulnerability from cvelistv5

cve-2008-1423

Vulnerability from cvelistv5

cve-2008-1420

Vulnerability from cvelistv5

cve-2008-1419

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature