REDHAT-BUG-516259: Input Validation
First published: Fri Aug 07 2009(Updated: )
An insufficient input validation flaw was found in the way libvorbis used to process codec file headers (static mode headers and encoding books) for the Ogg Vorbis audio file format (Ogg). A remote attacker could provide a specially-crafted Ogg file, which would lead to denial of service (memory corruption and application crash) or, potentially execute arbitrary code with the privileges of the application using the libvorbis library, when opened by the victim. References: ----------- <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=500254">https://bugzilla.mozilla.org/show_bug.cgi?id=500254</a> <a href="http://bugs.gentoo.org/280393">http://bugs.gentoo.org/280393</a> <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663</a> Reproducer: ----------- <a href="https://bugzilla.mozilla.org/attachment.cgi?id=384979">https://bugzilla.mozilla.org/attachment.cgi?id=384979</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libvorbisfile |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=500254
- http://bugs.gentoo.org/280393
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663
- https://bugzilla.mozilla.org/attachment.cgi?id=384979
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356685&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356685&action=edit
- http://svn.xiph.org/trunk/vorbis/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356686
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=356686&action=edit
- http://admin.fedoraproject.org/updates/libvorbis-1.2.0-6.fc10
- http://admin.fedoraproject.org/updates/libvorbis-1.2.0-8.fc11
- https://rhn.redhat.com/errata/RHSA-2009-1219.html
- https://bugzilla.redhat.com/show_bug.cgi?id=516259
Frequently Asked Questions
What is the severity of REDHAT-BUG-516259?
The vulnerability REDHAT-BUG-516259 has the potential to cause a denial of service through specially crafted Ogg files.
How do I fix REDHAT-BUG-516259?
To fix REDHAT-BUG-516259, you should update to the latest version of the libvorbis package provided by your vendor.
What component is affected by REDHAT-BUG-516259?
The component affected by REDHAT-BUG-516259 is the libvorbis codec used for processing Ogg Vorbis audio files.
Who is the vendor for the software impacted by REDHAT-BUG-516259?
The vendor for the software impacted by REDHAT-BUG-516259 is Xiph.org.
What type of vulnerability is REDHAT-BUG-516259?
REDHAT-BUG-516259 is classified as an insufficient input validation vulnerability.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2663
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/xiph.org
- canonical/libvorbisfile