CVE-2008-1419

Published: May 16, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

Affected (6)

Products: Xiph.org: Libvorbis

Xiph.org

1 product

Libvorbis

Configuration A

6 vulnerable · 8 platform

Vulnerable Software	Affected Versions
Xiph.org Libvorbis	Version 1.0.0
Xiph.org Libvorbis	Version 1.0.1
Xiph.org Libvorbis	Version 1.1.0
Xiph.org Libvorbis	Version 1.1.1
Xiph.org Libvorbis	Version 1.12
Xiph.org Libvorbis	Version 1.2.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 5
Redhat Enterprise Linux	Version 5
Redhat Linux Advanced Workstation	Version 2.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (50)

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/30234

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30237

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30247

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30259

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30479

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30581

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30820

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/32946

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://security.gentoo.org/glsa/glsa-200806-09.xml

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2008/dsa-1591

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:102

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2008-0270.html

Source: cve@mitre.org

Not Applicable

http://www.redhat.com/support/errata/RHSA-2008-0271.html

Source: cve@mitre.org

Not Applicable

http://www.securityfocus.com/bid/29206

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1020029

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-682-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1510/references

Source: cve@mitre.org

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=440700

Source: cve@mitre.org

ExploitIssue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/42397

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42400

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html

Source: cve@mitre.org

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html

Source: cve@mitre.org

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html