Several local (remote) vulnerabilities have been discovered in libvorbis, a library for the Vorbis general-purpose compressed audio codec. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1419 libvorbis does not properly handle a zero value which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. CVE-2008-1420 Integer overflow in libvorbis allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. CVE-2008-1423 Integer overflow in libvorbis allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file which triggers a heap overflow. For the stable distribution (etch), these problems have been fixed in version 1.1.2.dfsg-1.4. For the unstable distribution (sid), these problems have been fixed in version 1.2.0.dfsg-3.1. We recommend that you upgrade your libvorbis package.
Several local (remote) vulnerabilities have been discovered in libvorbis, a library for the Vorbis general-purpose compressed audio codec. The Common Vulnerabilities and Exposures project identifies the following problems:
libvorbis does not properly handle a zero value which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Integer overflow in libvorbis allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Integer overflow in libvorbis allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file which triggers a heap overflow.
For the stable distribution (etch), these problems have been fixed in version 1.1.2.dfsg-1.4.
For the unstable distribution (sid), these problems have been fixed in version 1.2.0.dfsg-3.1.
We recommend that you upgrade your libvorbis package.
MD5 checksums of the listed files are available in the original advisory.