FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libvorbis -- various security issues

Affected packages
libvorbis < 1.2.0_2,3


VuXML ID f5a76faf-244c-11dd-b143-0211d880e350
Discovery 2008-05-14
Entry 2008-05-17

Red Hat reports:

Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted [Vorbis] audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened.


CVE Name CVE-2008-1419
CVE Name CVE-2008-1420
CVE Name CVE-2008-1423