7.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.031 Low
EPSS
Percentile
90.7%
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 9.04 | |
ubuntu_linux | eq | 8.04 | |
ubuntu_linux | eq | 8.10 | |
ubuntu_linux | eq | 9.10 | |
libvorbis | eq | 1.0 beta4 | |
libvorbis | eq | 1.0 rc1 | |
libvorbis | eq | 1.0 rc2 |