USN-825-1 -- libvorbis vulnerabilityID: oval:org.secpod.oval:def:700390 | Date: (C)2011-05-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user"s privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. Original advisory details: It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user"s privileges
Platform: |
Ubuntu 8.10 |
Ubuntu 8.04 |
Ubuntu 9.04 |