PT-2008-1061 · Xiph.Org+1 · Libvorbis+1
Published: 2008-05-14 · Updated: 2024-06-15
CVE-2008-1423
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libvorbis versions 1.2.0 and earlier
libvorbis versions prior to 1.2.1 rc1
Description
The issue is related to an integer overflow in certain calculations within the libvorbis package, which can be triggered by a crafted OGG file. This can lead to a denial of service or potentially allow remote attackers to execute arbitrary code. The vulnerability can be exploited remotely and may result in a violation of confidentiality, integrity, and availability of protected information.
Recommendations
For libvorbis versions 1.2.0 and earlier, update to version 1.2.1 rc1 or later to resolve the issue.
For libvorbis versions prior to 1.2.1 rc1, update to version 1.2.1 rc1 or later to resolve the issue.
As a temporary workaround, consider restricting access to libvorbis until a patch is available.
Fix
DoS
RCE
Related Identifiers
Affected Products
Red Hat
Libvorbis