CVE-2008-0797

Name of the Vulnerable Software and Affected Versions iTheora version 1.0 rc1

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using directory traversal sequences in the url parameter of the lib/download.php file.

Recommendations For iTheora version 1.0 rc1, consider restricting access to the lib/download.php file until a patch is available. As a temporary workaround, avoid using the url parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.