6.8

CVE-2008-1420

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xiph.OrgLibvorbis Version1.0.0
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.0.1
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.1.0
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.1.1
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.2.0
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.12
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.13% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
http://secunia.com/advisories/30581
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30234
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30237
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30247
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30259
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30479
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30820
Third Party Advisory
Permissions Required
http://secunia.com/advisories/32946
Third Party Advisory
Permissions Required
http://www.securitytracker.com/id?1020029
Third Party Advisory
VDB Entry
http://secunia.com/advisories/36463
Third Party Advisory
Permissions Required