libvorbis vulnerability

2009-08-2400:00:00

ubuntu.com

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.042 Low

EPSS

Percentile

92.1%

JSON

Releases

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04

Packages

libvorbis -

Details

It was discovered that libvorbis did not correctly handle certain malformed
ogg files. If a user were tricked into opening a specially crafted ogg file
with an application that uses libvorbis, an attacker could execute
arbitrary code with the user’s privileges. (CVE-2009-2663)

USN-682-1 provided updated libvorbis packages to fix multiple security
vulnerabilities. The upstream security patch to fix CVE-2008-1420
introduced a regression when reading sound files encoded with libvorbis
1.0beta1. This update corrects the problem.

Original advisory details:

It was discovered that libvorbis did not correctly handle certain
malformed sound files. If a user were tricked into opening a specially
crafted sound file with an application that uses libvorbis, an attacker
could execute arbitrary code with the user’s privileges. (CVE-2008-1420)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchlibvorbis0a< 1.2.0.dfsg-3.1ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibvorbis-dev< 1.2.0.dfsg-3.1ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibvorbisenc2< 1.2.0.dfsg-3.1ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibvorbisfile3< 1.2.0.dfsg-3.1ubuntu0.9.04.1UNKNOWN
Ubuntu8.10noarchlibvorbis0a< 1.2.0.dfsg-3.1ubuntu0.8.10.1UNKNOWN
Ubuntu8.10noarchlibvorbis-dev< 1.2.0.dfsg-3.1ubuntu0.8.10.1UNKNOWN
Ubuntu8.10noarchlibvorbisenc2< 1.2.0.dfsg-3.1ubuntu0.8.10.1UNKNOWN
Ubuntu8.10noarchlibvorbisfile3< 1.2.0.dfsg-3.1ubuntu0.8.10.1UNKNOWN
Ubuntu8.04noarchlibvorbis0a< 1.2.0.dfsg-2ubuntu0.2UNKNOWN
Ubuntu8.04noarchlibvorbis-dev< 1.2.0.dfsg-2ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.04	noarch	libvorbis0a	< 1.2.0.dfsg-3.1ubuntu0.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	libvorbis-dev	< 1.2.0.dfsg-3.1ubuntu0.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	libvorbisenc2	< 1.2.0.dfsg-3.1ubuntu0.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	libvorbisfile3	< 1.2.0.dfsg-3.1ubuntu0.9.04.1	UNKNOWN
Ubuntu	8.10	noarch	libvorbis0a	< 1.2.0.dfsg-3.1ubuntu0.8.10.1	UNKNOWN
Ubuntu	8.10	noarch	libvorbis-dev	< 1.2.0.dfsg-3.1ubuntu0.8.10.1	UNKNOWN
Ubuntu	8.10	noarch	libvorbisenc2	< 1.2.0.dfsg-3.1ubuntu0.8.10.1	UNKNOWN
Ubuntu	8.10	noarch	libvorbisfile3	< 1.2.0.dfsg-3.1ubuntu0.8.10.1	UNKNOWN
Ubuntu	8.04	noarch	libvorbis0a	< 1.2.0.dfsg-2ubuntu0.2	UNKNOWN
Ubuntu	8.04	noarch	libvorbis-dev	< 1.2.0.dfsg-2ubuntu0.2	UNKNOWN