CVE-2009-2663: Input Validation
First published: Tue Aug 04 2009(Updated: )
An insufficient input validation flaw was found in the way libvorbis used to process codec file headers (static mode headers and encoding books) for the Ogg Vorbis audio file format (Ogg). A remote attacker could provide a specially-crafted Ogg file, which would lead to denial of service (memory corruption and application crash) or, potentially execute arbitrary code with the privileges of the application using the libvorbis library, when opened by the victim. References: ----------- <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=500254">https://bugzilla.mozilla.org/show_bug.cgi?id=500254</a> <a href="http://bugs.gentoo.org/280393">http://bugs.gentoo.org/280393</a> <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663</a> Reproducer: ----------- <a href="https://bugzilla.mozilla.org/attachment.cgi?id=384979">https://bugzilla.mozilla.org/attachment.cgi?id=384979</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=3.5.1 | |
| Mozilla Firefox | =0.1 | |
| Mozilla Firefox | =0.2 | |
| Mozilla Firefox | =0.3 | |
| Mozilla Firefox | =0.4 | |
| Mozilla Firefox | =0.5 | |
| Mozilla Firefox | =0.6 | |
| Mozilla Firefox | =0.6.1 | |
| Mozilla Firefox | =0.7 | |
| Mozilla Firefox | =0.7.1 | |
| Mozilla Firefox | =0.8 | |
| Mozilla Firefox | =0.9 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Firefox | =0.9.1 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Firefox | =0.9_rc | |
| Mozilla Firefox | =0.10 | |
| Mozilla Firefox | =0.10.1 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Firefox | =1.0-preview_release | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 | |
| Mozilla Firefox | =1.0.6 | |
| Mozilla Firefox | =1.0.7 | |
| Mozilla Firefox | =1.0.8 | |
| Mozilla Firefox | =1.4.1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Firefox | =1.5.0.1 | |
| Mozilla Firefox | =1.5.0.2 | |
| Mozilla Firefox | =1.5.0.3 | |
| Mozilla Firefox | =1.5.0.4 | |
| Mozilla Firefox | =1.5.0.5 | |
| Mozilla Firefox | =1.5.0.6 | |
| Mozilla Firefox | =1.5.0.7 | |
| Mozilla Firefox | =1.5.0.8 | |
| Mozilla Firefox | =1.5.0.9 | |
| Mozilla Firefox | =1.5.0.10 | |
| Mozilla Firefox | =1.5.0.11 | |
| Mozilla Firefox | =1.5.0.12 | |
| Mozilla Firefox | =1.5.1 | |
| Mozilla Firefox | =1.5.2 | |
| Mozilla Firefox | =1.5.3 | |
| Mozilla Firefox | =1.5.4 | |
| Mozilla Firefox | =1.5.5 | |
| Mozilla Firefox | =1.5.6 | |
| Mozilla Firefox | =1.5.7 | |
| Mozilla Firefox | =1.5.8 | |
| Mozilla Firefox | =1.8 | |
| Mozilla Firefox | =2.0 | |
| Mozilla Firefox | =2.0-beta_1 | |
| Mozilla Firefox | =2.0-beta1 | |
| Mozilla Firefox | =2.0-rc2 | |
| Mozilla Firefox | =2.0-rc3 | |
| Mozilla Firefox | =2.0.0.1 | |
| Mozilla Firefox | =2.0.0.2 | |
| Mozilla Firefox | =2.0.0.3 | |
| Mozilla Firefox | =2.0.0.4 | |
| Mozilla Firefox | =2.0.0.5 | |
| Mozilla Firefox | =2.0.0.6 | |
| Mozilla Firefox | =2.0.0.7 | |
| Mozilla Firefox | =2.0.0.8 | |
| Mozilla Firefox | =2.0.0.9 | |
| Mozilla Firefox | =2.0.0.10 | |
| Mozilla Firefox | =2.0.0.11 | |
| Mozilla Firefox | =2.0.0.12 | |
| Mozilla Firefox | =2.0.0.13 | |
| Mozilla Firefox | =2.0.0.14 | |
| Mozilla Firefox | =2.0.0.15 | |
| Mozilla Firefox | =2.0.0.16 | |
| Mozilla Firefox | =2.0.0.17 | |
| Mozilla Firefox | =2.0.0.18 | |
| Mozilla Firefox | =2.0.0.19 | |
| Mozilla Firefox | =2.0.0.20 | |
| Mozilla Firefox | =2.0.0.21 | |
| Mozilla Firefox | =2.0_.1 | |
| Mozilla Firefox | =2.0_.4 | |
| Mozilla Firefox | =2.0_.5 | |
| Mozilla Firefox | =2.0_.6 | |
| Mozilla Firefox | =2.0_.7 | |
| Mozilla Firefox | =2.0_.9 | |
| Mozilla Firefox | =2.0_.10 | |
| Mozilla Firefox | =2.0_8 | |
| Mozilla Firefox | =3.0 | |
| Mozilla Firefox | =3.0.1 | |
| Mozilla Firefox | =3.0.2 | |
| Mozilla Firefox | =3.0.3 | |
| Mozilla Firefox | =3.0.4 | |
| Mozilla Firefox | =3.0.5 | |
| Mozilla Firefox | =3.0.6 | |
| Mozilla Firefox | =3.0.7 | |
| Mozilla Firefox | =3.0.8 | |
| Mozilla Firefox | =3.0.9 | |
| Mozilla Firefox | =3.0.10 | |
| Mozilla Firefox | =3.0.11 | |
| Mozilla Firefox | =3.0.12 | |
| Mozilla Firefox | =3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=500254
- http://bugs.gentoo.org/280393
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663
- https://bugzilla.mozilla.org/attachment.cgi?id=384979
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356685&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356685&action=edit
- http://svn.xiph.org/trunk/vorbis/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356686
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356686&action=edit
- http://admin.fedoraproject.org/updates/libvorbis-1.2.0-6.fc10
- http://admin.fedoraproject.org/updates/libvorbis-1.2.0-8.fc11
- https://rhn.redhat.com/errata/RHSA-2009-1219.html
- https://bugzilla.redhat.com/show_bug.cgi?id=516259
- http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
- http://www.vupen.com/english/advisories/2009/2142
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00481.html
- http://secunia.com/advisories/36126
- http://www.securityfocus.com/bid/35927
- http://www.vupen.com/english/advisories/2009/2223
- http://secunia.com/advisories/36263
- http://secunia.com/advisories/36230
- http://secunia.com/advisories/36463
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
- http://www.securityfocus.com/bid/36018
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52397
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9506
- https://usn.ubuntu.com/825-1/
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2663
- agent/trending
- agent/tags
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/0.1
- version/mozilla firefox/0.9_rc
- version/mozilla firefox/0.8
- version/mozilla firefox/2.0.0.12
- version/mozilla firefox/1.5-beta2
- version/mozilla firefox/2.0_.7
- version/mozilla firefox/3.0.7
- version/mozilla firefox/1.5.2
- version/mozilla firefox/3.0.9
- version/mozilla firefox/1.5.0.6
- version/mozilla firefox/1.8
- version/mozilla firefox/2.0.0.2
- version/mozilla firefox/1.5.0.10
- version/mozilla firefox/1.5.0.3
- version/mozilla firefox/3.0.8
- version/mozilla firefox/1.5.0.11
- version/mozilla firefox/1.4.1
- version/mozilla firefox/1.5.4
- version/mozilla firefox/1.0.2
- version/mozilla firefox/3.5
- version/mozilla firefox/3.0.4
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/2.0_8
- version/mozilla firefox/2.0_.9
- version/mozilla firefox/3.0.5
- version/mozilla firefox/1.5
- version/mozilla firefox/0.9.1
- version/mozilla firefox/1.0.4
- version/mozilla firefox/2.0.0.7
- version/mozilla firefox/1.0.7
- version/mozilla firefox/2.0.0.9
- version/mozilla firefox/0.10.1
- version/mozilla firefox/2.0_.1
- version/mozilla firefox/0.9
- version/mozilla firefox/2.0.0.16
- version/mozilla firefox/1.5.6
- version/mozilla firefox/2.0.0.17
- version/mozilla firefox/0.7
- version/mozilla firefox/2.0.0.15
- version/mozilla firefox/3.0.10
- version/mozilla firefox/0.2
- version/mozilla firefox/0.3
- version/mozilla firefox/2.0_.10
- version/mozilla firefox/3.0.12
- version/mozilla firefox/1.0
- version/mozilla firefox/3.0.3
- version/mozilla firefox/1.5.0.7
- version/mozilla firefox/2.0
- version/mozilla firefox/3.5.1
- version/mozilla firefox/1.0.1
- version/mozilla firefox/2.0-beta1
- version/mozilla firefox/2.0.0.14
- version/mozilla firefox/0.6
- version/mozilla firefox/0.7.1
- version/mozilla firefox/3.0.6
- version/mozilla firefox/1.5.0.8
- version/mozilla firefox/2.0_.5
- version/mozilla firefox/1.0.6
- version/mozilla firefox/2.0.0.3
- version/mozilla firefox/1.5.0.9
- version/mozilla firefox/1.5.0.5
- version/mozilla firefox/1.5.7
- version/mozilla firefox/1.5.0.12
- version/mozilla firefox/2.0.0.6
- version/mozilla firefox/3.0
- version/mozilla firefox/2.0.0.11
- version/mozilla firefox/1.5.0.2
- version/mozilla firefox/1.0.3
- version/mozilla firefox/3.0.1
- version/mozilla firefox/2.0.0.4
- version/mozilla firefox/0.5
- version/mozilla firefox/0.6.1
- version/mozilla firefox/1.5.1
- version/mozilla firefox/2.0.0.21
- version/mozilla firefox/0.9.3
- version/mozilla firefox/2.0.0.13
- version/mozilla firefox/2.0.0.18
- version/mozilla firefox/2.0-rc2
- version/mozilla firefox/2.0.0.1
- version/mozilla firefox/3.0.2
- version/mozilla firefox/2.0_.6
- version/mozilla firefox/2.0_.4
- version/mozilla firefox/1.5.5
- version/mozilla firefox/0.9.2
- version/mozilla firefox/1.0-preview_release
- version/mozilla firefox/2.0-beta_1
- version/mozilla firefox/2.0.0.20
- version/mozilla firefox/2.0.0.8
- version/mozilla firefox/0.9-rc
- version/mozilla firefox/2.0.0.19
- version/mozilla firefox/1.5.8
- version/mozilla firefox/1.5.3
- version/mozilla firefox/0.4
- version/mozilla firefox/1.5.0.4
- version/mozilla firefox/1.5.0.1
- version/mozilla firefox/0.10
- version/mozilla firefox/1.0.5
- version/mozilla firefox/2.0.0.5
- version/mozilla firefox/2.0.0.10
- version/mozilla firefox/2.0-rc3
- version/mozilla firefox/1.0.8
- version/mozilla firefox/3.0.11