Lucene search

K
cve[email protected]CVE-2008-1420
HistoryMay 16, 2008 - 12:54 p.m.

CVE-2008-1420

2008-05-1612:54:00
CWE-189
web.nvd.nist.gov
34
cve-2008-1420
integer overflow
libvorbis
remote code execution
ogg file
security vulnerability

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.0%

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

References

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.0%

Related for CVE-2008-1420