Launchpad CVE tracker

CVE 2008-1419

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

Related bugs and status

CVE-2008-1419 (Candidate) is related to these bugs:

Bug #232150: Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]

Summary				In	Importance	Status
	232150	Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]		libvorbis (Ubuntu)	Undecided	Fix Released
	232150	Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]		libvorbis (Debian)	Unknown	Fix Released

Bug #418059: libvorbis out of date

Summary				In	Importance	Status
	418059	libvorbis out of date		libvorbis (Ubuntu)	Undecided	Fix Released
	418059	libvorbis out of date		libvorbis (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2008-3898
FEDORA: FEDORA-2008-3910
FEDORA: FEDORA-2008-3934
MANDRIVA: MDVSA-2008:102
REDHAT: RHSA-2008:0270
REDHAT: RHSA-2008:0271
BID: 29206
SECTRACK: 1020029
SECUNIA: 30234
SECUNIA: 30237
SECUNIA: 30247
SECUNIA: 30259
DEBIAN: DSA-1591
SUSE: SUSE-SR:2008:012
SECUNIA: 30479
SECUNIA: 30581
GENTOO: GLSA-200806-09
SECUNIA: 30820
UBUNTU: USN-682-1
SECUNIA: 32946
VUPEN: ADV-2008-1510
XF: libvorbis-ogg-bo(42397)
XF: libvorbis-ogg-dos(42400)
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2008-1419

Related bugs and status

Related bugs

References