CVE-2008-1419

Exploit

EPSS 13.14%
Published 16.05.2008 12:54:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

Affected products Warnungen 0 Metrics 2 CWE 1 References 28

Data is provided by the National Vulnerability Database (NVD)

Xiph.Org ≫ Libvorbis Version1.0.0

   Redhat ≫ Enterprise Linux Version2.1 Editionas
   Redhat ≫ Enterprise Linux Version2.1 Editiones
   Redhat ≫ Enterprise Linux Version2.1 Editionws
   Redhat ≫ Enterprise Linux Version4.0
   Redhat ≫ Enterprise Linux Version5 Editionclient
   Redhat ≫ Enterprise Linux Version5 Editionclient_workstation
   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Linux Advanced Workstation Version2.1 Editionitanium

Xiph.Org ≫ Libvorbis Version1.0.1

Xiph.Org ≫ Libvorbis Version1.1.0

Xiph.Org ≫ Libvorbis Version1.1.1

Xiph.Org ≫ Libvorbis Version1.2.0

Xiph.Org ≫ Libvorbis Version1.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.14%	0.939

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

Third Party Advisory

http://secunia.com/advisories/30581

Third Party Advisory

Permissions Required

http://secunia.com/advisories/30234

Third Party Advisory

Permissions Required

http://secunia.com/advisories/30237

Third Party Advisory

Permissions Required

http://secunia.com/advisories/30247