CVE-2008-1419
Published: 16 May 2008
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
libvorbis Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.2-0ubuntu2.3)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(1.2.0.dfsg-1ubuntu0.1)
|
|
hardy |
Released
(1.2.0.dfsg-2ubuntu0.1)
|
|
intrepid |
Not vulnerable
(1.2.0.dfsg-3.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://trac.xiph.org/changeset/14602 vendor: https://bugzilla.redhat.com/show_bug.cgi?id=440700 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518 |