FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libvorbis -- multiple vulnerabilities

Affected packages
libvorbis < 1.2.3_1,3

Details

VuXML ID 94edff42-d93d-11de-a434-0211d880e350
Discovery 2009-11-24
Entry 2009-11-24

The Ubuntu security team reports:

It was discovered that libvorbis did not correctly handle certain malformed vorbis files. If a user were tricked into opening a specially crafted vorbis file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.

References

CVE Name CVE-2008-1420
CVE Name CVE-2009-3379