Ubuntu Security Notice USN-825-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
8bef4480933a4d21cc6a8770649ffc4e16083884235f172f738cc95a2f1421f3Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
6a829afc627e391e4662d6ed1b4d39f7bc2ca2ec7ec73fc8ea22755542bf2325Gentoo Linux Security Advisory GLSA 200806-09:02 - Multiple vulnerabilities in libvorbis might lead to the execution of arbitrary code. Versions less than 1.2.1_rc1 are affected.
ca3702942e78af2a87c60e0c2bed843a6183741d27daad7e615e1d440c994276Debian Security Advisory 1591-1 - Several local (remote) vulnerabilities have been discovered in libvorbis, a library for the Vorbis general-purpose compressed audio codec. libvorbis does not properly handle a zero value which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. Integer overflow in libvorbis allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. Integer overflow in libvorbis allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file which triggers a heap overflow.
5cbc1c4257a832ae7221c8430db4f565a983d55995d8984353d9335f85399dd1Mandriva Linux Security Advisory - Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened.
b2632b2204fce079d6ef4e025581166e3b43e6874925cba60843d3d81c1b7fd8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed