Vulnerability Database

299,584

Total vulnerabilities in the database

CVE-2008-1423

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

  • Published: May 16, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-1423
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
xiph.org / libvorbis 1.0.0 1.0.0.x
xiph.org / libvorbis 1.0.1 1.0.1.x
xiph.org / libvorbis 1.1.0 1.1.0.x
xiph.org / libvorbis 1.1.1 1.1.1.x
xiph.org / libvorbis 1.1.2 1.1.2.x
xiph.org / libvorbis 1.2.0 1.2.0.x