*** This bug is a security vulnerability ***

Public security bug reported:

CVE-2008-1419 description:
"Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1419

CVE-2008-1420:
"Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1420

CVE-2008-1423:
"Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1423

** Affects: libvorbis (Ubuntu)
   Importance: Undecided
   Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1419

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1420

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1423

--
Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]
https://bugs.launchpad.net/bugs/232150
