Debian Linux Security Advisory 1939-1 - Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacher could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
b5d4f50cab06384c44a232fdafe149a8abea9e2b7b780c95182e51d6ab7b6b3f
Gentoo Linux Security Advisory GLSA 200909-02 - A processing error in libvorbis might result in the execution of arbitrary code or a Denial of Service. Lucas Adamski reported that libvorbis does not correctly process file headers, related to static mode headers and encoding books. Versions less than 1.2.3 are affected.
3db46e8f6b021b9aa675c9ea1c2d0d31850c43c186f9bcd7061f1cd61c7f6fb4
Ubuntu Security Notice USN-825-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
8bef4480933a4d21cc6a8770649ffc4e16083884235f172f738cc95a2f1421f3