CVE-2008-1419

Publication date 16 May 2008

Last updated 24 July 2024

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvorbis	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 1.2.0.dfsg-2ubuntu0.1
	7.10 gutsy	Fixed 1.2.0.dfsg-1ubuntu0.1
	7.04 feisty	Ignored
	6.06 LTS dapper	Fixed 1.1.2-0ubuntu2.3

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvorbis	Upstream: https://trac.xiph.org/changeset/14602 Vendor: https://bugzilla.redhat.com/show_bug.cgi?id=440700 Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-682-1
libvorbis vulnerabilities
1 December 2008

Other references

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518
https://www.cve.org/CVERecord?id=CVE-2008-1419