CVE-2008-1420
Published 2008-05-16
Priority P336 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
6.32%
92.7th percentile
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.2.0.dfsg-3.1 (bookworm) | libvorbis 1.2.0.dfsg-3.1 (bookworm) |
| debian | libvorbisidec | < libvorbis 1.2.0.dfsg-3.1 (bookworm) | libvorbis 1.2.0.dfsg-3.1 (bookworm) |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
CVSS provenance
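| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | MEDIUM | |
| vendor_redhat | | 6.8 | MEDIUM | |
| vendor_ubuntu | | 6.8 | MEDIUM | |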
GHSA
GHSA-3pp3-xmgq-cpcc: Integer overflow in residue partition value (aka partvals) evaluation in Xiph
ghsa_unreviewed·2022-05-01
CVE-2008-1420 [MEDIUM] GHSA-3pp3-xmgq-cpcc: Integer overflow in residue partition value (aka partvals) evaluation in Xiph
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
OSV
CVE-2008-1420: Integer overflow in residue partition value (aka partvals) evaluation in Xiph
osv·2008-05-16·CVSS 6.8
CVE-2008-1420 [MEDIUM] CVE-2008-1420: Integer overflow in residue partition value (aka partvals) evaluation in Xiph
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Ubuntu
libvorbis vulnerability
vendor_ubuntu·2009-08-24·CVSS 6.8
CVE-2008-1420 [MEDIUM] libvorbis vulnerability
Title: libvorbis vulnerability
Summary: libvorbis vulnerability
It was discovered that libvorbis did not correctly handle certain malformed
ogg files. If a user were tricked into opening a specially crafted ogg file
with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges. (CVE-2009-2663)
USN-682-1 provided updated libvorbis packages to fix multiple security
vulnerabilities. The upstream security patch to fix CVE-2008-1420
introduced a regression when reading sound files encoded with libvorbis
1.0beta1. This update corrects the problem.
Original advisory details:
It was discovered that libvorbis did not correctly handle certain
malformed sound files. If a user were tricked into opening a specially
crafted sound file with an applicati
Ubuntu
libvorbis vulnerabilities
vendor_ubuntu·2008-12-01
CVE-2008-1423 libvorbis vulnerabilities
Title: libvorbis vulnerabilities
Summary: libvorbis vulnerabilities
It was discovered that libvorbis did not correctly handle certain malformed
sound files. If a user were tricked into opening a specially crafted sound
file with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges.
Instructions: After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.
Red Hat
vorbis: integer overflow in partvals computation
vendor_redhat·2008-05-14·CVSS 6.8
CVE-2008-1420 [MEDIUM] CWE-190 vorbis: integer overflow in partvals computation
vorbis: integer overflow in partvals computation
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Debian
CVE-2008-1420: libvorbis - Integer overflow in residue partition value (aka partvals) evaluation in Xiph.or...
vendor_debian·2008·CVSS 6.8
CVE-2008-1420 [MEDIUM] CVE-2008-1420: libvorbis - Integer overflow in residue partition value (aka partvals) evaluation in Xiph.or...
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-3.1)
bullseye: resolved (fixed in 1.2.0.dfsg-3.1)
forky: resolved (fixed in 1.2.0.dfsg-3.1)
sid: resolved (fixed in 1.2.0.dfsg-3.1)
trixie: resolved (fixed in 1.2.0.dfsg-3.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63
bugzilla·2009-10-29·CVSS 9.3
CVE-2009-3379 [CRITICAL] CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63
CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63
Quoting Mozilla Foundation Security Advisory 2009-63:
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky reported
crashes in libvorbis.
Advisory provides following bug list:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=501279,499512,500254,515889,507167
with only 500254 being public at the moment.
Discussion:
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
reported by Lucas Adamski
This issue is already known as CVE-2009-2663 (bug #516259). It was first fixed in Firefox 3.5.2 / 1.9.1.2 via:
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
(part of the "Browser crashes - Firefox 3.5"). Not sure why Mozilla upstream is men
Bugzilla
CVE-2008-1420 vorbis: integer overflow in partvals computation
bugzilla·2008-04-04·CVSS 6.8
CVE-2008-1420 [MEDIUM] CVE-2008-1420 vorbis: integer overflow in partvals computation
CVE-2008-1420 vorbis: integer overflow in partvals computation
Will Drewry of the Google Security Team reported an issue in OGG Vorbis library,
that can cause an integer overflow leading to possible heap overflow.
Discussion:
Upstream patch:
$ svn log -r 14598 http://svn.xiph.org/trunk/vorbis/
r14598 | xiphmont | 2008-03-18 16:39:43 +0100 (Tue, 18 Mar 2008) | 6 lines
Add code to prevent heap attacks by exploiting dim=bignum and
partition_codewords = partion_values^dim. partition_codewords is
actually overdetermined; in the case of inconsistency, mark stream
undecodable.
$ svn diff -r 14597:14600 http://svn.xiph.org/trunk/vorbis/lib
Index: misc.h
--- misc.h (revision 14597)
+++ misc.h (revision 14600)
@@ -29,6 +29,7 @@
#ifdef DEBUG_MALLOC
#define _VDBG_GRAPHFILE "malloc.m"
+#undef _
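Review bot: the added `#undef` line under `#ifdef DEBUG_MALLOC` in misc.h changes debug-allocator macros, not the partition_codewords consistency check that the r14598 log message describes. The diff was taken over 14597:14600, so it bundles more than that one revision. For a security backport, split the debug-malloc change out so the overflow fix can be reviewed and applied on its own. The hunk is also cut off at the `#undef` line as shown here, so which macros are being undefined cannot be verified from this excerpt.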