Vigil@nce : libvorbis: several vulnerabilities
May 2008 by Vigil@nce
Several vulnerabilities of libvorbis lead to a denial of service
or to code execution when the victim opens an OGG audio file.
Gravity: 3/4
CVSS: 6.8/10
Consequences: user access/rights, denial of service of client
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/05/2008
Identifier: VIGILANCE-VUL-7825
AFFECTED PRODUCTS
– Red Hat Enterprise Linux versions AS 2.1, AW 2.1, ES 2.1, WS 2.1
[with libvorbis < 1.0rc2-9.el2]
– Red Hat Enterprise Linux versions AS 3, Desktop 3, ES 3, WS 3
[with libvorbis < 1.0-10.el3]
– Red Hat Enterprise Linux versions AS 4, Desktop 4, ES 4, WS 4
[with libvorbis < 1.1.0-3.el4]
– Red Hat Enterprise Linux versions Client 5, Server 5 [with
libvorbis < 1.1.2-3.el5_1.2]
Similar products or versions inferior to those indicated may also
be affected.
DESCRIPTION
The libvorbis library implements the Ogg Vorbis audio format. This
library is used in software to create or listen OGG files. Four
vulnerabilities were announced in libvorbis.
A short codebook creates an infinite loop or a heap overflow.
[grav:3/4; CVE-2008-1419]
A computation error in partvals creates an integer overflow.
[grav:2/4; CVE-2008-1420]
A long codebook creates an integer overflow. [grav:2/4;
CVE-2008-1423]
A memory corruption occurs in the _make_decode_tree() function,
used to decode a Huffman tree. [grav:3/4; CVE-2008-2009]
An attacker can therefore create a denial of service or execute
code when the victim opens an OGG audio file.
CHARACTERISTICS
Identifiers: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423,
CVE-2008-2009, RHSA-2008:0270-01, RHSA-2008:0271-01,
VIGILANCE-VUL-7825
CVSS score: 6.8/10
https://vigilance.aql.fr/tree/1/7825