Definition

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook which triggers a heap overflow.

oval:org.mitre.oval:def:9851

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook which triggers a heap overflow.

Family:

unix

Status:

ACCEPTED

Platform(s):

Red Hat Enterprise Linux 4
Oracle Linux 4
CentOS Linux 3
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
CentOS Linux 4

Class:

vulnerability

Reference(s):

CVE-2008-1423

Product(s):