Vigil@nce : libvorbis: several vulnerabilities
May 2008 by Vigil@nce
Several vulnerabilities in libvorbis can lead to a denial of service
or to code execution when the victim opens an OGG audio file.
Gravity: 3/4
CVSS: 6.8/10
Consequences: user access/rights, denial of service of client
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/05/2008
Identifier: VIGILANCE-VUL-7825
AFFECTED PRODUCTS
– Red Hat Enterprise Linux versions AS 2.1, AW 2.1, ES 2.1, WS 2.1
   [with libvorbis < 1.0rc2-9.el2]
– Red Hat Enterprise Linux versions AS 3, Desktop 3, ES 3, WS 3
   [with libvorbis < 1.0-10.el3]
– Red Hat Enterprise Linux versions AS 4, Desktop 4, ES 4, WS 4
   [with libvorbis < 1.1.0-3.el4]
– Red Hat Enterprise Linux versions Client 5, Server 5
   [with libvorbis < 1.1.2-3.el5_1.2]
   Similar products, or versions earlier than those indicated, may
   also be affected.
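Added example, not part of the Vigil@nce bulletin: a check of an installed libvorbis build against the fixed builds listed above. The names rpmvercmp and is_affected are hypothetical, the comparison is a simplified form of rpm's segment ordering (no epoch, '~' or '^'), and the sample package strings are constructed.

```python
import re

# Fixed builds taken from the AFFECTED PRODUCTS list, keyed by RHEL dist tag.
FIXED = {
    "el2": ("1.0rc2", "9.el2"),
    "el3": ("1.0", "10.el3"),
    "el4": ("1.1.0", "3.el4"),
    "el5": ("1.1.2", "3.el5_1.2"),
}

def rpmvercmp(a, b):
    """Simplified rpm-style comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer,
    # which is why "3.el5" sorts before "3.el5_1.2" and "1.0" before "1.0rc2".
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_affected(vr):
    """vr is 'VERSION-RELEASE', e.g. from
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' libvorbis
    Returns True/False, or None when the build is not a listed RHEL release."""
    version, _, release = vr.rpartition("-")
    m = re.search(r"\.(el\d+)", release)
    if not version or not m or m.group(1) not in FIXED:
        return None
    fixed_version, fixed_release = FIXED[m.group(1)]
    # Compare version first; fall back to release only when versions are equal.
    return (rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)) < 0

if __name__ == "__main__":
    # Constructed sample package strings, not taken from a real host.
    for sample in ["1.1.2-3.el5", "1.1.2-3.el5_1.2", "1.0-9.el3", "1.2.0-3.fc9"]:
        verdict = {True: "VULNERABLE", False: "fixed", None: "not covered"}[is_affected(sample)]
        print(f"libvorbis-{sample}: {verdict}")
```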
DESCRIPTION
   The libvorbis library implements the Ogg Vorbis audio format. This
   library is used in software to create or play OGG files. Four
   vulnerabilities were announced in libvorbis.
– A short codebook creates an infinite loop or a heap overflow.
   [grav:3/4; CVE-2008-1419]
– A computation error in partvals creates an integer overflow.
   [grav:2/4; CVE-2008-1420]
– A long codebook creates an integer overflow.
   [grav:2/4; CVE-2008-1423]
– A memory corruption occurs in the _make_decode_tree() function,
   used to decode a Huffman tree. [grav:3/4; CVE-2008-2009]
   An attacker can therefore cause a denial of service or execute
   code when the victim opens an OGG audio file.
CHARACTERISTICS
   Identifiers: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423,
   CVE-2008-2009, RHSA-2008:0270-01, RHSA-2008:0271-01,
   VIGILANCE-VUL-7825
CVSS score: 6.8/10
https://vigilance.aql.fr/tree/1/7825