Chris Montgomery

#39896 of 53,639
6.8 Total CVSS
Vulnerabilities · 1
PT-2007-1099
6.8
2007-07-26
Xiph.Org · Libvorbis · CVE-2007-3106
Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.2.0

Description: The issue affects the libvorbis package in Gentoo Linux and can lead to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. In libvorbis, specifically in versions before 1.2.0, context-dependent attackers can cause a denial of service and possibly execute arbitrary code via invalid `blocksize_0` and `blocksize_1` values. These values can trigger a heap overwrite in the `_01inverse` function.

Recommendations: For libvorbis versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `libvorbis` library until a patch is available. Avoid using the `blocksize_0` and `blocksize_1` parameters with invalid values in the affected functions until the issue is resolved.