CVE-2008-1423 - Secunia.com

CVE Reference: CVE-2008-1423
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1423

Description: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42403 UBUNTU http://www.ubuntu.com/usn/USN-682-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html ST 1020029 SAID Secunia Advisory: SA30581 Secunia Advisory: SA30820 Secunia Advisory: SA30479 Secunia Advisory: SA30247 Secunia Advisory: SA30259 Secunia Advisory: SA30237 Secunia Advisory: SA30234 Secunia Advisory: SA32946 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0271.html http://www.redhat.com/support/errata/RHSA-2008-0270.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9851 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:102 GENTOO http://security.gentoo.org/glsa/glsa-200806-09.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1591 CONFIRM BID 29206

Return to the previous page.

Secunia