CVE-2008-1419: Input Validation
First published: Fri Apr 04 2008(Updated: )
Will Drewry of the Google Security Team reported an issue in OGG Vorbis library, that can cause crash of the application using vorbis library, trigger an infinite loop, or cause an integer overflow leading to possible heap overflow. Problem is caused by codebooks with codebook.dim == 0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =4.0 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Xiph.Org libvorbis | =1.0.0 | |
| Xiph.Org libvorbis | =1.0.1 | |
| Xiph.Org libvorbis | =1.1.0 | |
| Xiph.Org libvorbis | =1.1.1 | |
| Xiph.Org libvorbis | =1.2.0 | |
| Xiph.Org libvorbis | =1.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=440700
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
- http://www.redhat.com/support/errata/RHSA-2008-0270.html
- http://www.redhat.com/support/errata/RHSA-2008-0271.html
- http://www.securityfocus.com/bid/29206
- http://www.securitytracker.com/id?1020029
- http://secunia.com/advisories/30234
- http://secunia.com/advisories/30237
- http://secunia.com/advisories/30247
- http://secunia.com/advisories/30259
- http://www.debian.org/security/2008/dsa-1591
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
- http://secunia.com/advisories/30479
- http://secunia.com/advisories/30581
- http://secunia.com/advisories/30820
- http://security.gentoo.org/glsa/glsa-200806-09.xml
- http://www.ubuntu.com/usn/USN-682-1
- http://secunia.com/advisories/32946
- http://www.vupen.com/english/advisories/2008/1510/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42400
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42397
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104
- http://svn.xiph.org/trunk/vorbis/
- http://svn.xiph.org/trunk/vorbis/lib/
- https://trac.xiph.org/changeset/14602
- http://rhn.redhat.com/errata/RHSA-2008-0271.html
- http://rhn.redhat.com/errata/RHSA-2008-0270.html
- https://admin.fedoraproject.org/updates/F7/FEDORA-2008-3898
- https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3934
- https://admin.fedoraproject.org/updates/F9/FEDORA-2008-3910
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-1419
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/2.1
- version/redhat enterprise linux/4.0
- version/redhat enterprise linux/5
- version/redhat enterprise linux/5.0
- canonical/redhat linux advanced workstation
- version/redhat linux advanced workstation/2.1
- vendor/xiph.org
- canonical/xiph.org libvorbis
- version/xiph.org libvorbis/1.0.0
- version/xiph.org libvorbis/1.0.1
- version/xiph.org libvorbis/1.1.0
- version/xiph.org libvorbis/1.1.1
- version/xiph.org libvorbis/1.2.0
- version/xiph.org libvorbis/1.12