CVE-2008-2009

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

Published: May 16, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2009
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xiph.org / libvorbis	1.0-beta4	1.0-beta4.x
xiph.org / libvorbis	1.0-rc1	1.0-rc1.x
xiph.org / libvorbis	1.0-rc2	1.0-rc2.x
canonical / ubuntu_linux	9.04	9.04.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	8.10	8.10.x
canonical / ubuntu_linux	9.10	9.10.x

http://secunia.com/advisories/30247
http://www.redhat.com/support/errata/RHSA-2008-0271.html
http://www.securitytracker.com/id?1020029
http://www.ubuntu.com/usn/USN-861-1
http://www.vupen.com/english/advisories/2008/1510/references
https://bugzilla.redhat.com/show_bug.cgi?id=444443
https://exchange.xforce.ibmcloud.com/vulnerabilities/42521

Vulnerability Database

289,784

CVE-2008-2009