cbcvebase.
CVE-2008-1423
published 2008-05-16

CVE-2008-1423: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service…

PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
8.13%
94.1th percentile
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

Affected

12 ranges
VendorProductVersion rangeFixed in
debianlibvorbis< libvorbis 1.2.0.dfsg-3.1 (bookworm)libvorbis 1.2.0.dfsg-3.1 (bookworm)
debianlibvorbisidec< libvorbis 1.2.0.dfsg-3.1 (bookworm)libvorbis 1.2.0.dfsg-3.1 (bookworm)
xiph.orglibvorbis
xiph.orglibvorbis
xiph.orglibvorbis
xiph.orglibvorbis
xiph.orglibvorbis
xiph.orglibvorbis
xiph.orglibvorbis>= 0 < 1.2.0.dfsg-3.11.2.0.dfsg-3.1
xiph.orglibvorbis>= 0 < 1.2.0.dfsg-3.11.2.0.dfsg-3.1
xiph.orglibvorbis>= 0 < 1.2.0.dfsg-3.11.2.0.dfsg-3.1
xiph.orglibvorbis>= 0 < 1.2.0.dfsg-3.11.2.0.dfsg-3.1

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.