cpe:/a:xiph.org:libvorbis:1.0.0 cpe:/a:xiph.org:libvorbis:1.0.1 cpe:/a:xiph.org:libvorbis:1.1.0 cpe:/a:xiph.org:libvorbis:1.1.1 cpe:/a:xiph.org:libvorbis:1.1.2 cpe:/a:xiph.org:libvorbis:1.2.0 CVE-2008-1423 2008-05-16T08:54:00.000-04:00 2017-09-28T21:30:42.003-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2016-11-08T10:07:59.753-05:00 ALLOWS_ADMIN_ACCESS SECTRACK 1020029 BID 29206 SECUNIA 30234 SECUNIA 30237 SECUNIA 30247 SECUNIA 30259 SECUNIA 30479 SECUNIA 30581 SECUNIA 30820 SECUNIA 32946 VUPEN ADV-2008-1510 DEBIAN DSA-1591 FEDORA FEDORA-2008-3898 FEDORA FEDORA-2008-3910 FEDORA FEDORA-2008-3934 GENTOO GLSA-200806-09 MANDRIVA MDVSA-2008:102 REDHAT RHSA-2008:0270 REDHAT RHSA-2008:0271 SUSE SUSE-SR:2008:012 UBUNTU USN-682-1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=440709 XF libvorbis-quantvals-quantlist-bo(42403) Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.