Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2009


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2009
Last Modified 07 Mar 2011 10:08:34
Published 16 May 2008 08:54:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE


Summary libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Vulnerable Systems


  • Xiph Libvorbis



VUPEN - ADV-2008-1510

UBUNTU - USN-861-1

XF - libvorbis-makedecodetree-dos(42521)

SECTRACK - 1020029

REDHAT - RHSA-2008:0271

SECUNIA - 30247

Last Updated: 27 May 2016 10:47:44