CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

libvorbis is vulnerable to arbitrary code execution. An insufficient input validation flaw was found in the way libvorbis processes the codec file headers (static mode headers and encoding books) of the Ogg Vorbis audio file format (Ogg). A remote attacker could provide a specially crafted Ogg file that, when opened by a victim, would cause a denial of service (memory corruption and application crash) or, potentially, execute arbitrary code with the privileges of an application using the libvorbis library.

CPE

Name | Operator | Version
---|---|---
libvorbis | eq | 1.1.0__2.el4.5
libvorbis | eq | 1.0__10.el3
libvorbis | eq | 1.0__8.el3

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
secunia.com/advisories/36126
secunia.com/advisories/36230
secunia.com/advisories/36263
secunia.com/advisories/36463
sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
www.mozilla.org/security/announce/2009/mfsa2009-45.html
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/bid/35927
www.securityfocus.com/bid/36018
www.vupen.com/english/advisories/2009/2142
www.vupen.com/english/advisories/2009/2223
access.redhat.com/errata/RHSA-2009:1219
bugzilla.mozilla.org/show_bug.cgi?id=500254
bugzilla.redhat.com/show_bug.cgi?id=516259
exchange.xforce.ibmcloud.com/vulnerabilities/52397
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9506
usn.ubuntu.com/825-1/
www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00481.html