CVE-2008-1419

Name of the Vulnerable Software and Affected Versions libvorbis versions 1.0rc2 through 1.2.0 libvorbis-devel version 1.0rc2

Description The issue affects the libvorbis package, allowing remote attackers to exploit multiple vulnerabilities, potentially leading to a denial of service, integer overflow, or disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be triggered by a zero value for codebook.dim, causing a crash or infinite loop.

Recommendations For libvorbis versions 1.0rc2 through 1.2.0, update to a version later than 1.2.0 to resolve the issue. For libvorbis-devel version 1.0rc2, update to a version later than 1.0rc2 to resolve the issue. As a temporary workaround, consider restricting access to the libvorbis package until a patch is available.