CVE-2008-1419
Published 2008-05-16
Priority P418, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 4.25% (89.8th percentile)
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.2.0.dfsg-3.1 (bookworm) | libvorbis 1.2.0.dfsg-3.1 (bookworm) |
| debian | libvorbisidec | < libvorbis 1.2.0.dfsg-3.1 (bookworm) | libvorbis 1.2.0.dfsg-3.1 (bookworm) |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
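CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |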
Ubuntu
libvorbis vulnerabilities
vendor_ubuntu·2008-12-01
CVE-2008-1423 libvorbis vulnerabilities
Title: libvorbis vulnerabilities
Summary: libvorbis vulnerabilities
It was discovered that libvorbis did not correctly handle certain malformed
sound files. If a user were tricked into opening a specially crafted sound
file with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges.
Instructions: After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.
Red Hat
vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
vendor_redhat·2008-05-14·CVSS 4.3
CVE-2008-1419 [MEDIUM] CWE-835 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Debian
CVE-2008-1419: libvorbis - Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for c...
vendor_debian·2008·CVSS 4.3
CVE-2008-1419 [MEDIUM] CVE-2008-1419: libvorbis - Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for c...
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-3.1)
bullseye: resolved (fixed in 1.2.0.dfsg-3.1)
forky: resolved (fixed in 1.2.0.dfsg-3.1)
sid: resolved (fixed in 1.2.0.dfsg-3.1)
trixie: resolved (fixed in 1.2.0.dfsg-3.1)
GHSA
GHSA-j65j-225q-hjwr: Xiph
ghsa_unreviewed·2022-05-01
CVE-2008-1419 [MEDIUM] CWE-20 GHSA-j65j-225q-hjwr: Xiph
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
OSV
CVE-2008-1419: Xiph
osv·2008-05-16·CVSS 4.3
CVE-2008-1419 [MEDIUM] CVE-2008-1419: Xiph
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
No detection rules found.
No public exploits indexed.
References
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
- http://secunia.com/advisories/30234
- http://secunia.com/advisories/30237
- http://secunia.com/advisories/30247
- http://secunia.com/advisories/30259
- http://secunia.com/advisories/30479
- http://secunia.com/advisories/30581
- http://secunia.com/advisories/30820
- http://secunia.com/advisories/32946
- http://security.gentoo.org/glsa/glsa-200806-09.xml
- http://www.debian.org/security/2008/dsa-1591
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
- http://www.redhat.com/support/errata/RHSA-2008-0270.html
- http://www.redhat.com/support/errata/RHSA-2008-0271.html
- http://www.securityfocus.com/bid/29206
- http://www.securitytracker.com/id?1020029
- http://www.ubuntu.com/usn/USN-682-1
- http://www.vupen.com/english/advisories/2008/1510/references
- https://bugzilla.redhat.com/show_bug.cgi?id=440700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42397
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42400
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
Published: 2008-05-16