CVE-2009-2663 — Out-of-bounds Write in Mozilla Firefox

CWE-39915 documents8 sources

Severity

10.0CRITICALNVD

NVD9.3CNA9.3OSV9.3

EPSS

2.2%

top 15.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xiph.org Libvorbis Mozilla Firefox

Timeline

PublishedAug 4

Latest updateMay 2

Description

libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.1+96

▶Debianxiph.org/libvorbis< 1.2.3-1+7

Patches

Patch: www.mozilla.org ↗Patch: www.vupen.com ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-r52r-p4hh-9m3j: libvorbis before r16182, as used in Mozilla Firefox 3↗2022-05-02

▶

GHSA

GHSA-f7fv-7rmr-mpcf: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3↗2022-05-02

▶

OSV

CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3↗2009-10-29

▶

CVEList

CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3↗2009-10-29

▶

CVEList

CVE-2009-2663: libvorbis before r16182, as used in Mozilla Firefox 3↗2009-08-04

▶

📋Vendor Advisories

Red Hat

libvorbis: security fixes mentioned in MFSA 2009-63↗2009-10-27

▶

Ubuntu

libvorbis vulnerability↗2009-08-24

▶

Red Hat

libvorbis: Improper codec headers processing (DoS, ACE)↗2009-06-24

▶

Debian

CVE-2009-2663: libvorbis - libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other...↗2009

▶

Debian

CVE-2009-3379: libvorbis - Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3....↗2009

▶

💬Community

Bugzilla

CVE-2009-3379 libvorbis: security fixes mentioned in MFSA 2009-63↗2009-10-29

▶

Bugzilla

CVE-2009-2663 libvorbis: Improper codec headers processing (DoS, ACE)↗2009-08-07

▶