[UNIX] libvorbis Multiple Memory Corruption Flaws
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 29 Jul 2007 11:20:36 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
libvorbis Multiple Memory Corruption Flaws
libvorbis 1.1.2 contains several vulnerabilities allowing heap overwrite,
read violations and a function pointer overwrite. These bugs cause a at
least a denial of service, and potentially code execution.
* libvorbis version 1.1.2 and prior
* libvorbis version 1.2.0 and newer
Invalid blocksize_0 and blocksize_1 values result in a heap overwrite in
the _01inverse() function of res0.c.
An invalid mapping type causes an out of bounds dispatch table lookup,
offset by an attacker-controlled value, during cleanup in
vorbis_info_clear() in info.c.
Additionally, invalid blocksize values cause a segmentation fault on read
These issues are resolved in libvorbis 1.2.0, available at:
The information has been provided by <mailto:david@xxxxxxxxxxxxxxxx>
The original article can be found at:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability
- Next by Date: [NT] Panda Software AdminSecure Agent Heap Overflow Vulnerability
- Previous by thread: [NT] BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability
- Next by thread: [NT] Panda Software AdminSecure Agent Heap Overflow Vulnerability