[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-825-1 -- libvorbis vulnerability

ID: oval:org.secpod.oval:def:700390Date: (C)2011-05-13   (M)2017-11-27
Class: PATCHFamily: unix




It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user"s privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. Original advisory details: It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user"s privileges

Platform:
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product:
libvorbis
Reference:
USN-825-1
CVE-2008-1420
CVE-2009-2663
CVE    2
CVE-2009-2663
CVE-2008-1420
CPE    3
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:9.04

© 2013 SecPod Technologies