6.8

CVE-2008-1420

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xiph.OrgLibvorbis Version1.0.0
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.0.1
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.1.0
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.1.1
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.2.0
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Xiph.OrgLibvorbis Version1.12
   RedhatEnterprise Linux Version2.1 Editionas
   RedhatEnterprise Linux Version2.1 Editiones
   RedhatEnterprise Linux Version2.1 Editionws
   RedhatEnterprise Linux Version4.0
   RedhatEnterprise Linux Version5 Editionclient
   RedhatEnterprise Linux Version5 Editionclient_workstation
   RedhatEnterprise Linux Version5.0
   RedhatLinux Advanced Workstation Version2.1 Editionitanium
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.32% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Third Party Advisory
http://secunia.com/advisories/30581
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30234
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30237
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30247
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30259
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30479
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30820
Third Party Advisory
Permissions Required
http://secunia.com/advisories/32946
Third Party Advisory
Permissions Required
http://security.gentoo.org/glsa/glsa-200806-09.xml
Third Party Advisory
http://www.debian.org/security/2008/dsa-1591
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0270.html
Not Applicable
http://www.redhat.com/support/errata/RHSA-2008-0271.html
Not Applicable
http://www.securityfocus.com/bid/29206
http://www.securitytracker.com/id?1020029
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-682-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1510/references
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
Mailing List
http://secunia.com/advisories/36463
Third Party Advisory
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=440706
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/42402
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500
https://usn.ubuntu.com/825-1/