CVE-2008-2009 – vorbis: insufficient validation of Huffman tree causing memory corruption in _make_decode_tree()
https://notcve.org/view.php?id=CVE-2008-2009
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
• http://secunia.com/advisories/30247
• http://www.redhat.com/support/errata/RHSA-2008-0271.html
• http://www.securitytracker.com/id?1020029
• http://www.ubuntu.com/usn/USN-861-1
• http://www.vupen.com/english/advisories/2008/1510/references
• https://bugzilla.redhat.com/show_bug.cgi?id=444443
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42521
• https://access.redhat.com/security/cve/CVE-2008-2009
CVE-2007-4066 – Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
https://notcve.org/view.php?id=CVE-2007-4066
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
• http://secunia.com/advisories/24923
• http://secunia.com/advisories/26865
• http://secunia.com/advisories/27099
• http://secunia.com/advisories/27170
• http://secunia.com/advisories/27439
• http://secunia.com/advisories/28614
• http://security.gentoo.org/glsa/glsa-200710-03.xml
• http://securitytracker.com/id?1018712
• http://svn.xiph.org/trunk/vorbis/CHANGES
• http://www.debian.org/security/2008/dsa-1471
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:194
• http://www.novell&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4065 – Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
https://notcve.org/view.php?id=CVE-2007-4065
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
• http://secunia.com/advisories/24923
• http://secunia.com/advisories/26865
• http://secunia.com/advisories/27099
• http://secunia.com/advisories/27170
• http://secunia.com/advisories/27439
• http://security.gentoo.org/glsa/glsa-200710-03.xml
• http://securitytracker.com/id?1018712
• http://svn.xiph.org/trunk/vorbis/CHANGES
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:194
• http://www.novell.com/linux/security/advisories/2007_23_sr.html
• http://www.redhat.com/support/errata