Gentoo Linux Security Advisory GLSA 200710-03 - David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c. libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact. Versions less than 1.2.0 are affected.
7a907b2348ce906142b3aba0da5822b07995f88558fb4c797503d30416a2a1e2