CVE-2009-3379
Published 2009-10-29
CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service…
Priority: P335 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.37% (91.6th percentile)
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.2.3-1 (bookworm) | libvorbis 1.2.3-1 (bookworm) |
| debian | libvorbisidec | < libvorbis 1.2.3-1 (bookworm) | libvorbis 1.2.3-1 (bookworm) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| xiph.org | libvorbis | >= 0 < 1.2.3-1 | 1.2.3-1 |
| xiph.org | libvorbis | >= 0 < 1.2.3-1 | 1.2.3-1 |
| xiph.org | libvorbis | >= 0 < 1.2.3-1 | 1.2.3-1 |
| xiph.org | libvorbis | >= 0 < 1.2.3-1 | 1.2.3-1 |
CVSS provenance
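| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |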
Ubuntu
libvorbis vulnerabilities
vendor_ubuntu·2009-11-24·CVSS 4.3
CVE-2008-2009 [MEDIUM] libvorbis vulnerabilities
Title: libvorbis vulnerabilities
Summary: libvorbis vulnerabilities
It was discovered that libvorbis did not correctly handle ogg files with
underpopulated Huffman trees. If a user were tricked into opening a
specially crafted ogg file with an application that uses libvorbis, an
attacker could cause a denial of service. (CVE-2008-2009)
It was discovered that libvorbis did not correctly handle certain malformed
ogg files. If a user were tricked into opening a specially crafted ogg file
with an application that uses libvorbis, an attacker could cause a denial
of service or possibly execute arbitrary code with the user's privileges.
(CVE-2009-3379)
Instructions: After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the
Red Hat
libvorbis: security fixes mentioned in MFSA 2009-63
vendor_redhat·2009-10-27·CVSS 9.3
CVE-2009-3379 [CRITICAL] libvorbis: security fixes mentioned in MFSA 2009-63
libvorbis: security fixes mentioned in MFSA 2009-63
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Debian
CVE-2009-3379: libvorbis - Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3....
vendor_debian·2009·CVSS 9.3
CVE-2009-3379 [CRITICAL] CVE-2009-3379: libvorbis - Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3....
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Scope: local
bookworm: resolved (fixed in 1.2.3-1)
bullseye: resolved (fixed in 1.2.3-1)
forky: resolved (fixed in 1.2.3-1)
sid: resolved (fixed in 1.2.3-1)
trixie: resolved (fixed in 1.2.3-1)
GHSA
GHSA-f7fv-7rmr-mpcf: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-3379 [CRITICAL] GHSA-f7fv-7rmr-mpcf: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
OSV
CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3
osv·2009-10-29·CVSS 9.3
CVE-2009-3379 [CRITICAL] CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
No detection rules found.
No public exploits indexed.
References
http://secunia.com/advisories/37306
http://secunia.com/advisories/37340
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
http://www.redhat.com/support/errata/RHSA-2009-1561.html
http://www.ubuntu.com/usn/USN-861-1
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=499512
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
https://bugzilla.mozilla.org/show_bug.cgi?id=501279
https://bugzilla.mozilla.org/show_bug.cgi?id=507167
https://bugzilla.mozilla.org/show_bug.cgi?id=515889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10993
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6582
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00369.html