Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2009

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2009
Last Modified 07 Mar 2011 10:08:34
Published 16 May 2008 08:54:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2009

Summary

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Vulnerable Systems

Application

  • Xiph Libvorbis


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=444443

VUPEN - ADV-2008-1510

UBUNTU - USN-861-1

XF - libvorbis-makedecodetree-dos(42521)

SECTRACK - 1020029

REDHAT - RHSA-2008:0271

SECUNIA - 30247


Last Updated: 27 May 2016 10:47:44