CVE-2008-1423

Published: May 16, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

Affected (6)

Products: Xiph.org: Libvorbis

Xiph.org

1 product

Libvorbis

Configuration A

6 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Xiph.org Libvorbis	Version 1.0.0
Xiph.org Libvorbis	Version 1.0.1
Xiph.org Libvorbis	Version 1.1.0
Xiph.org Libvorbis	Version 1.1.1
Xiph.org Libvorbis	Version 1.1.2
Xiph.org Libvorbis	Version 1.2.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 5
Redhat Enterprise Linux	Version 5
Redhat Linux Advanced Workstation	Version 2.1

Related CWEs

CWE-189

References (48)

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/30234

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30237

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30247

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30259

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30479

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30581

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/30820

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://secunia.com/advisories/32946

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://security.gentoo.org/glsa/glsa-200806-09.xml

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2008/dsa-1591

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:102

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2008-0270.html

Source: cve@mitre.org

Not Applicable

http://www.redhat.com/support/errata/RHSA-2008-0271.html

Source: cve@mitre.org

Not Applicable

http://www.securityfocus.com/bid/29206

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1020029

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-682-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1510/references

Source: cve@mitre.org

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=440709

Source: cve@mitre.org

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/42403

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html

Source: cve@mitre.org

Mailing List

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html

Source: cve@mitre.org

Mailing List

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html