Launchpad CVE tracker

CVE 2008-1420

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

Related bugs and status

CVE-2008-1420 (Candidate) is related to these bugs:

Bug #232150: Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]

Summary				In	Importance	Status
	232150	Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]		libvorbis (Ubuntu)	Undecided	Fix Released
	232150	Multiple vulnerabilities in libvorbis 1.2.0 [CVE-2008-1419, CVE-2008-1420, CVE-2008-1423]		libvorbis (Debian)	Unknown	Fix Released

Bug #418059: libvorbis out of date

Summary				In	Importance	Status
	418059	libvorbis out of date		libvorbis (Ubuntu)	Undecided	Fix Released
	418059	libvorbis out of date		libvorbis (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2008-3898
FEDORA: FEDORA-2008-3910
FEDORA: FEDORA-2008-3934
MANDRIVA: MDVSA-2008:102
REDHAT: RHSA-2008:0270
REDHAT: RHSA-2008:0271
BID: 29206
SECTRACK: 1020029
SECUNIA: 30234
SECUNIA: 30237
SECUNIA: 30247
SECUNIA: 30259
DEBIAN: DSA-1591
SUSE: SUSE-SR:2008:012
SECUNIA: 30479
SECUNIA: 30581
GENTOO: GLSA-200806-09
SECUNIA: 30820
UBUNTU: USN-682-1
SECUNIA: 32946
SECUNIA: 36463
VUPEN: ADV-2008-1510
XF: libvorbis-residue-bo(4...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-825-1

Launchpad.net

CVE 2008-1420

Related bugs and status

Related bugs

References