[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-825-1 -- libvorbis vulnerability

ID: oval:org.secpod.oval:def:700390Date: (C)2011-05-13   (M)2017-10-04
Class: PATCHFamily: unix




It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user"s privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. Original advisory details: It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user"s privileges

Platform:
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product:
libvorbis
Reference:
USN-825-1
CVE-2008-1420
CVE-2009-2663
CVE    2
CVE-2009-2663
CVE-2008-1420
CPE    1
cpe:/o:ubuntu:ubuntu_linux:8.04

© 2013 SecPod Technologies