CVE-2008-1423
published 2008-05-16
CVE-2008-1423: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service…
Priority P3·41·critical·9.3·CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
8.13%
94.1th percentile
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.2.0.dfsg-3.1 (bookworm) | libvorbis 1.2.0.dfsg-3.1 (bookworm) |
| debian | libvorbisidec | < libvorbis 1.2.0.dfsg-3.1 (bookworm) | libvorbis 1.2.0.dfsg-3.1 (bookworm) |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-3.1 | 1.2.0.dfsg-3.1 |
CVSS provenance
nvd·v2.0·9.3·CRITICAL·AV:N/AC:M/Au:N/C:C/I:C/A:C
osv·9.3·CRITICAL
vendor_debian·9.3·CRITICAL
vendor_redhat·9.3·CRITICAL
GHSA
GHSA-wf2j-2f6p-cm9w: Integer overflow in a certain quantvals and quantlist calculation in Xiph
ghsa_unreviewed·2022-05-01
CVE-2008-1423 [HIGH] GHSA-wf2j-2f6p-cm9w: Integer overflow in a certain quantvals and quantlist calculation in Xiph
OSV
CVE-2008-1423: Integer overflow in a certain quantvals and quantlist calculation in Xiph
osv·2008-05-16·CVSS 9.3
CVE-2008-1423 [CRITICAL] CVE-2008-1423: Integer overflow in a certain quantvals and quantlist calculation in Xiph
Ubuntu
libvorbis vulnerabilities
vendor_ubuntu·2008-12-01
CVE-2008-1423 libvorbis vulnerabilities
Title: libvorbis vulnerabilities
Summary: libvorbis vulnerabilities
It was discovered that libvorbis did not correctly handle certain malformed
sound files. If a user were tricked into opening a specially crafted sound
file with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges.
Instructions: After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.
Red Hat
vorbis: integer overflow caused by huge codebooks
vendor_redhat·2008-05-14·CVSS 9.3
CVE-2008-1423 [CRITICAL] CWE-190 vorbis: integer overflow caused by huge codebooks
Debian
CVE-2008-1423: libvorbis - Integer overflow in a certain quantvals and quantlist calculation in Xiph.org li...
vendor_debian·2008·CVSS 9.3
CVE-2008-1423 [CRITICAL] CVE-2008-1423: libvorbis - Integer overflow in a certain quantvals and quantlist calculation in Xiph.org li...
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-3.1)
bullseye: resolved (fixed in 1.2.0.dfsg-3.1)
forky: resolved (fixed in 1.2.0.dfsg-3.1)
sid: resolved (fixed in 1.2.0.dfsg-3.1)
trixie: resolved (fixed in 1.2.0.dfsg-3.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63
bugzilla·2009-10-29·CVSS 9.3
CVE-2009-3379 [CRITICAL] CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63
Quoting Mozilla Foundation Security Advisory 2009-63:
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky reported
crashes in libvorbis.
Advisory provides following bug list:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=501279,499512,500254,515889,507167
with only 500254 being public at the moment.
Discussion:
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
reported by Lucas Adamski
This issue is already known as CVE-2009-2663 (bug #516259). It was first fixed in Firefox 3.5.2 / 1.9.1.2 via:
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
(part of the "Browser crashes - Firefox 3.5"). Not sure why Mozilla upstream is men
Bugzilla
CVE-2008-1423 vorbis: integer overflow caused by huge codebooks
bugzilla·2008-04-04·CVSS 9.3
CVE-2008-1423 [CRITICAL] CVE-2008-1423 vorbis: integer overflow caused by huge codebooks
Will Drewry of the Google Security Team reported an issue in OGG Vorbis library,
that can cause an integer overflow in the computation of quantvals and of the
space required for quantlist leading to a heap overflow.
Check for the overflow added in the fix. Files are rejected if the total
virtual space of the codebook exceeds 24 bits.
Discussion:
Upstream patch:
$ svn log -r 14604 http://svn.xiph.org/trunk/vorbis/
r14604 | xiphmont | 2008-03-19 09:03:29 +0100 (Wed, 19 Mar 2008) | 3 lines
Add checks/rejection for absurdly huge codebooks.
$ svn diff -c 14604 http://svn.xiph.org/trunk/vorbis/
Index: lib/codebook.c
--- lib/codebook.c (revision 14603)
+++ lib/codebook.c (revision 14604)
@@ -159,6 +159,8 @@
s->entries=oggpack_r