Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1591-1
HistoryJun 03, 2008 - 12:00 a.m.

libvorbis - several vulnerabilities

2008-06-0300:00:00
Google
osv.dev
9

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.03 Low

EPSS

Percentile

89.5%

JSON

Several local (remote) vulnerabilities have been discovered in libvorbis,
a library for the Vorbis general-purpose compressed audio codec. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-1419
    libvorbis does not properly handle a zero value which allows remote
    attackers to cause a denial of service (crash or infinite loop) or
    trigger an integer overflow.
  • CVE-2008-1420
    Integer overflow in libvorbis allows remote attackers to execute
    arbitrary code via a crafted OGG file, which triggers a heap overflow.
  • CVE-2008-1423
    Integer overflow in libvorbis allows remote attackers to cause a denial
    of service (crash) or execute arbitrary code via a crafted OGG file
    which triggers a heap overflow.

For the stable distribution (etch), these problems have been fixed in version
1.1.2.dfsg-1.4.

For the unstable distribution (sid), these problems have been fixed in
version 1.2.0.dfsg-3.1.

We recommend that you upgrade your libvorbis package.

Related

nessus 19
openvas 35
seebug 1
fedora 3
redhat 2
securityvulns 3
freebsd 3
centos 2
oraclelinux 1
debian 1
gentoo 1
ubuntu 2
debiancve 3
veracode 3
prion 4
ubuntucve 4
cve 4
nessus
nessus
Fedora 8 : libvorbis-1.2.0-2.fc8 (2008-3934)
2008-05-16 00:00:00
FreeBSD : libvorbis -- various security issues (f5a76faf-244c-11dd-b143-0211d880e350)
2008-05-20 00:00:00
Oracle Linux 3 / 4 / 5 : libvorbis (ELSA-2008-0270)
2013-07-12 00:00:00
openvas
openvas
CentOS Update for libvorbis CESA-2008:0270 centos3 i386
2009-02-27 00:00:00
Fedora Update for libvorbis FEDORA-2008-3898
2009-02-17 00:00:00
CentOS Update for libvorbis CESA-2008:0270 centos3 x86_64
2009-02-27 00:00:00
seebug
seebug
libvorbis倚δΈͺηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-05-17 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: libvorbis-1.2.0-2.fc8
2008-05-14 22:08:15
[SECURITY] Fedora 9 Update: libvorbis-1.2.0-4.fc9
2008-05-14 22:10:23
[SECURITY] Fedora 7 Update: libvorbis-1.1.2-4.fc7
2008-05-14 22:08:55
redhat
redhat
(RHSA-2008:0270) Important: libvorbis security update
2008-05-14 00:00:00
(RHSA-2008:0271) Important: libvorbis security update
2008-05-14 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities
2008-06-04 00:00:00
libvorbis multiple security vulnerabilities
2009-08-25 00:00:00
[USN-825-1] libvorbis vulnerability
2009-08-25 00:00:00
freebsd
freebsd
libvorbis -- various security issues
2008-05-14 00:00:00
libtremor -- multiple vulnerabilities
2008-03-19 00:00:00
libvorbis -- multiple vulnerabilities
2009-11-24 00:00:00
centos
centos
libvorbis security update
2008-05-14 12:52:45
libvorbis security update
2008-05-16 03:59:20
oraclelinux
oraclelinux
libvorbis security update
2008-05-14 00:00:00
debian
debian
[SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities
2008-06-03 09:27:35
gentoo
gentoo
libvorbis: Multiple vulnerabilities
2008-06-23 00:00:00
ubuntu
ubuntu
libvorbis vulnerabilities
2008-12-01 00:00:00
libvorbis vulnerability
2009-08-24 00:00:00
debiancve
debiancve
CVE-2008-1423
2008-05-16 12:54:00
CVE-2008-1419
2008-05-16 12:54:00
CVE-2008-1420
2008-05-16 12:54:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:23:05
Arbitrary Code Execution
2020-04-10 00:23:05
Denial Of Service (DoS)
2020-04-10 00:23:05
prion
prion
Integer overflow
2008-05-16 12:54:00
Integer overflow
2008-05-16 12:54:00
Integer overflow
2008-05-16 12:54:00
ubuntucve
ubuntucve
CVE-2008-1423
2008-05-16 00:00:00
CVE-2008-1419
2008-05-16 00:00:00
CVE-2008-1420
2008-05-16 00:00:00
cve
cve
CVE-2008-1423
2008-05-16 12:54:00
CVE-2008-1420
2008-05-16 12:54:00
CVE-2008-1419
2008-05-16 12:54:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.03 Low

EPSS

Percentile

89.5%

JSON
Related for OSV:DSA-1591-1
nessus19openvas35seebug1fedora3redhat2securityvulns3freebsd3centos2oraclelinux1debian1gentoo1ubuntu2debiancve3veracode3prion4ubuntucve4cve4