CVE-2008-2009

Published: 16/05/2008 Updated: 29/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Xiph.org libvorbis prior to 1.0 does not properly check for underpopulated Huffman trees, which allows remote malicious users to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Vulnerable Product

xiph.org libvorbis 1.0

canonical ubuntu linux 8.04

canonical ubuntu linux 8.10

canonical ubuntu linux 9.04

canonical ubuntu linux 9.10

Vendor Advisories

It was discovered that libvorbis did not correctly handle ogg files with underpopulated Huffman trees. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service (CVE-2008-2009) ...
Debian Bug report logs - #669196 libvorbisidec: multiple longstanding unfixed security issues in libvorbis Package: libvorbisidec; Maintainer for libvorbisidec is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Wed, 18 Apr 2012 03:21:01 UTC ...
Debian Bug report logs - #482039 libvorbis0a: potential security patch, needs review Package: libvorbis0a; Maintainer for libvorbis0a is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for libvorbis0a is src:libvorbis Reported by: Steffen Joeris <steffenjoeris@skolelinuxd ...