CVE-2008-1420

Name of the Vulnerable Software and Affected Versions libvorbis versions prior to 1.2.1 rc1 libvorbis versions 1.0rc2 through 1.2.0

Description The issue is related to multiple vulnerabilities in the libvorbis package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in residue partition value evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, triggering a heap overflow.

Recommendations For libvorbis versions prior to 1.2.1 rc1, update to version 1.2.1 rc1 or later to resolve the issue. For libvorbis versions 1.0rc2 through 1.2.0, update to version 1.2.1 rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to libvorbis until a patch is available.