Ubuntu
libvorbis package

Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]

Bug #232150 reported by Till Ulen on 2008-05-20

254

Affects		Status	Importance	Assigned to	Milestone
	libvorbis (Debian)	Fix Released	Unknown	debbugs #482518
	libvorbis (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

CVE-2008-1419 description:

"Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1419

CVE-2008-1420:

"Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1420

CVE-2008-1423:

"Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1423

Related branches

lp:ubuntu/dapper-security/libvorbis

lp:ubuntu/gutsy-security/libvorbis

lp:ubuntu/hardy-security/libvorbis

lp:ubuntu/intrepid-security/libvorbis

lp:ubuntu/jaunty-updates/libvorbis

lp:ubuntu/karmic-security/libvorbis

CVE References

Revision history for this message

Till Ulen (tillulen) wrote on 2008-06-03:

Debian advisory: http://www.debian.org/security/2008/dsa-1591

Bug Watch Updater (bug-watch-updater) on 2008-06-03

Changed in libvorbis:
status:	Unknown → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-12-01:

This bug was fixed in the package libvorbis - 1.2.0.dfsg-1ubuntu0.1

---------------
libvorbis (1.2.0.dfsg-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: crash or integer overflow with codebook.dim zero
    value (LP: #232150)
    - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
      codebook.dim is not zero in lib/codebook.c
    - CVE-2008-1419
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
      specifying an impossible or inconsistent partitioning scheme in
      lib/res0.c
    - CVE-2008-1420
  * SECURITY UPDATE: code execution via heap overflow in a quantvals and
    quantlist calculation (LP: #232150)
    - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
      absurdly huge codebooks in lib/codebook.c
    - CVE-2008-1423

-- Marc Deslauriers <email address hidden> Wed, 26 Nov 2008 10:20:38 -0500

Changed in libvorbis:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #482518
[done grave patch security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulibvorbis package