FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1420

This CVE name corresponds to:

Entered Topic
2015-08-25 libtremor -- multiple vulnerabilities
2009-11-24 libvorbis -- multiple vulnerabilities
2008-05-17 libvorbis -- various security issues

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1420
Phase Assigned (20080320)

Description

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

References

Source Reference
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=440706
DEBIAN DSA-1591
FEDORA FEDORA-2008-3898
FEDORA FEDORA-2008-3910
FEDORA FEDORA-2008-3934
GENTOO GLSA-200806-09
MANDRIVA MDVSA-2008:102
REDHAT RHSA-2008:0270
REDHAT RHSA-2008:0271
SUSE SUSE-SR:2008:012
UBUNTU USN-682-1
UBUNTU USN-825-1
BID 29206
OVAL oval:org.mitre.oval:def:9500
SECUNIA 32946
SECUNIA 36463
VUPEN ADV-2008-1510
SECTRACK 1020029
SECUNIA 30234
SECUNIA 30237
SECUNIA 30247
SECUNIA 30259
SECUNIA 30479
SECUNIA 30581
SECUNIA 30820
XF libvorbis-residue-bo(42402)