DSA-2045-1 libtheora -- integer overflowID: oval:org.secpod.oval:def:600109 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service , and possibly arbitrary code execution. For the stable distribution , this problem has been fixed in version 1.0~beta3-1+lenny1. For the testing distribution , this problem has been fixed in version 1.1.0-1. For the testing distribution , this problem has been fixed in version 1.1.0-1. We recommend that you upgrade your libtheora packages.