CVE-2008-1420 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1420
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1420

Description: Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42402 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-825-1 http://www.ubuntu.com/usn/USN-682-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html ST 1020029 SAID Secunia Advisory: SA30479 Secunia Advisory: SA30581 Secunia Advisory: SA30259 Secunia Advisory: SA30237 Secunia Advisory: SA30247 Secunia Advisory: SA30234 Secunia Advisory: SA36463 Secunia Advisory: SA32946 Secunia Advisory: SA30820 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0271.html http://www.redhat.com/support/errata/RHSA-2008-0270.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:102 GENTOO http://security.gentoo.org/glsa/glsa-200806-09.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1591 CONFIRM BID 29206

Return to the previous page.