CVE - CVE-2008-1423

CVE-ID
CVE-2008-1423	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=440709 DEBIAN:DSA-1591 URL:http://www.debian.org/security/2008/dsa-1591 FEDORA:FEDORA-2008-3898 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html FEDORA:FEDORA-2008-3910 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html FEDORA:FEDORA-2008-3934 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html GENTOO:GLSA-200806-09 URL:http://security.gentoo.org/glsa/glsa-200806-09.xml MANDRIVA:MDVSA-2008:102 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:102 REDHAT:RHSA-2008:0270 URL:http://www.redhat.com/support/errata/RHSA-2008-0270.html REDHAT:RHSA-2008:0271 URL:http://www.redhat.com/support/errata/RHSA-2008-0271.html SUSE:SUSE-SR:2008:012 URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html UBUNTU:USN-682-1 URL:http://www.ubuntu.com/usn/USN-682-1 BID:29206 URL:http://www.securityfocus.com/bid/29206 OVAL:oval:org.mitre.oval:def:9851 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851 SECUNIA:32946 URL:http://secunia.com/advisories/32946 VUPEN:ADV-2008-1510 URL:http://www.vupen.com/english/advisories/2008/1510/references SECTRACK:1020029 URL:http://www.securitytracker.com/id?1020029 SECUNIA:30234 URL:http://secunia.com/advisories/30234 SECUNIA:30237 URL:http://secunia.com/advisories/30237 SECUNIA:30247 URL:http://secunia.com/advisories/30247 SECUNIA:30259 URL:http://secunia.com/advisories/30259 SECUNIA:30479 URL:http://secunia.com/advisories/30479 SECUNIA:30581 URL:http://secunia.com/advisories/30581 SECUNIA:30820 URL:http://secunia.com/advisories/30820 XF:libvorbis-quantvals-quantlist-bo(42403) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42403
Assigning CNA
N/A
Date Entry Created
20080320	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080320)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org