Vulnerability Details : CVE-2008-1423
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2008-1423
- cpe:2.3:a:xiph.org:libvorbis:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xiph.org:libvorbis:1.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1423
- 6.47%: Probability of exploitation activity in the next 30 days
- ~ 90 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1423
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-1423
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1423
- http://www.vupen.com/english/advisories/2008/1510/references
  Site en construction [Broken Link]
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
  [SECURITY] Fedora 7 Update: libvorbis-1.1.2-4.fc7 [Mailing List]
- https://bugzilla.redhat.com/show_bug.cgi?id=440709
  440709 – (CVE-2008-1423) CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks [Issue Tracking]
- http://secunia.com/advisories/30247
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://secunia.com/advisories/30234
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://www.securitytracker.com/id?1020029
  GoDaddy Domain Name Search [Third Party Advisory; VDB Entry]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851
  404 Not Found
- http://www.debian.org/security/2008/dsa-1591
  [SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities [Third Party Advisory]
- http://www.securityfocus.com/bid/29206
  [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/30581
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2008-0270.html
  Support [Not Applicable]
- http://security.gentoo.org/glsa/glsa-200806-09.xml
  libvorbis: Multiple vulnerabilities (GLSA 200806-09) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/30479
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://secunia.com/advisories/30820
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://secunia.com/advisories/30259
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://secunia.com/advisories/32946
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2008-0271.html
  Support [Not Applicable]
- http://www.ubuntu.com/usn/USN-682-1
  USN-682-1: libvorbis vulnerabilities | Ubuntu security notices | Ubuntu [Third Party Advisory]
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
  [SECURITY] Fedora 9 Update: libvorbis-1.2.0-4.fc9 [Mailing List]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
  Mandriva [Broken Link]
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
  [SECURITY] Fedora 8 Update: libvorbis-1.2.0-2.fc8 [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2008:012 - openSUSE Security Announce - openSUSE Mailing Lists [Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42403
  libvorbis quantvals and quantlist buffer overflow CVE-2008-1423 Vulnerability Report
- http://secunia.com/advisories/30237
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory]