Vulnerability Details : CVE-2008-1420
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2008-1420
- cpe:2.3:a:xiph.org:libvorbis:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1420
4.18%: probability of exploitation activity in the next 30 days
~91%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1420
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2008-1420
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1420
- http://www.vupen.com/english/advisories/2008/1510/references
  Site under construction
  Tags: Broken Link
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
  [SECURITY] Fedora 7 Update: libvorbis-1.1.2-4.fc7
  Tags: Mailing List
- http://www.securitytracker.com/id?1020029
  GoDaddy Domain Name Search
  Tags: Third Party Advisory; VDB Entry
- http://www.debian.org/security/2008/dsa-1591
  [SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities
  Tags: Third Party Advisory
- http://www.securityfocus.com/bid/29206
- http://www.redhat.com/support/errata/RHSA-2008-0270.html
  Support
  Tags: Not Applicable
- http://security.gentoo.org/glsa/glsa-200806-09.xml
  libvorbis: Multiple vulnerabilities (GLSA 200806-09) — Gentoo security
  Tags: Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=440706
  440706 – (CVE-2008-1420) CVE-2008-1420 vorbis: integer overflow in partvals computation
  Tags: Issue Tracking
- http://www.redhat.com/support/errata/RHSA-2008-0271.html
  Support
  Tags: Not Applicable
- http://www.ubuntu.com/usn/USN-682-1
  USN-682-1: libvorbis vulnerabilities | Ubuntu security notices | Ubuntu
  Tags: Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500
  404 Not Found
- https://usn.ubuntu.com/825-1/
  404: Page not found | Ubuntu
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
  [SECURITY] Fedora 9 Update: libvorbis-1.2.0-4.fc9
  Tags: Mailing List
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
  Mandriva
  Tags: Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42402
  libvorbis residue partition values buffer overflow CVE-2008-1420 Vulnerability Report
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
  [SECURITY] Fedora 8 Update: libvorbis-1.2.0-2.fc8
  Tags: Mailing List
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2008:012 - openSUSE Security Announce - openSUSE Mailing Lists
  Tags: Third Party Advisory