Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and previous versions allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xiph.org libvorbis 1.0.0 |
||
xiph.org libvorbis 1.1.1 |
||
xiph.org libvorbis 1.1.2 |
||
xiph.org libvorbis 1.2.0 |
||
xiph.org libvorbis 1.0.1 |
||
xiph.org libvorbis 1.1.0 |