libvorbis
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libvorbis: Multiple vulnerabilities
Date: October 07, 2007
Bugs: #186716
ID: 200710-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libvorbis: User-assisted execution of arbitrary code
Date: September 07, 2009
Bugs: #280590
ID: 200909-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libvorbis: Multiple vulnerabilities
Date: June 23, 2008
Updated: June 23, 2008
Bugs: #222085
ID: 200806-09:02
the data allocation location, heap structure and error handlers of the
affected software. After overwriting a large amount of memory and
pointers with arbitrary data, code execution could then be redirected to
the attacker's payload located inside the FLAC file.
Vulnerability #2: VORBIS Comment String Size Field Heap Overflow
The second vulnerability lies within the parsing of any VORBIS Comment
String Size fields. Setting one of these fields to an overly large size, such
as 0xFFFFFFF, could also result in another heap-based overflow allowing
arbitrary code to execute in the context of the decoding program.
Similar to the Metadata Block Size Overflow vulnerability above,
===========================================================
Ubuntu Security Notice USN-825-1 August 24, 2009
libvorbis vulnerability
CVE-2008-1420, CVE-2009-2663
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Debian Security Advisory DSA-1591-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
June 03, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : libvorbis
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
Debian Bug : 482518
===========================================================
Ubuntu Security Notice USN-861-1 November 24, 2009
libvorbis vulnerabilities
CVE-2008-2009, CVE-2009-3379
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Mandriva Linux Security Advisory MDKSA-2007:167-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvorbis
Date : August 20, 2007
Affected: 2007.1
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-682-1 December 01, 2008
libvorbis vulnerabilities
CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Debian Security Advisory DSA-1939-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
November 24, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : libvorbis
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
Debian bug : 540958
CVE Ids : CVE-2009-2663 CVE-2009-3379
Debian Security Advisory DSA-1471-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 21, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : libvorbis
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-3106 CVE-2007-4029 CVE-2007-4066
Mandriva Linux Security Advisory MDKSA-2007:194
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvorbis
Date : October 10, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
===========================================================
Ubuntu Security Notice USN-498-1 August 16, 2007
libvorbis vulnerabilities
CVE-2007-3106, CVE-2007-4029
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Mandriva Linux Security Advisory MDKSA-2007:167
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvorbis
Date : August 18, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:102
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvorbis
Date : May 16, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
necessary changes.
Details follow:
It was discovered that the Base64 decoding functions in GStreamer Base
Plugins did not properly handle large images in Vorbis file tags. If a user
were tricked into opening a specially crafted Vorbis file, an attacker
could possibly execute arbitrary code with user privileges.
Updated packages for Ubuntu 8.10:
Debian-specific: no
CVE Id(s) : CVE-2007-5301
Debian Bug : 446034
Erik Sjölund discovered a buffer overflow vulnerability in the Ogg
Vorbis input plugin of the alsaplayer audio playback application.
Successful exploitation of this vulnerability through the opening of a
maliciously-crafted Vorbis file could lead to the execution of
arbitrary code.
For the stable distribution (etch), the problem has been fixed in
Mozilla upgraded several third party libraries used in media rendering
to address multiple memory safety and stability bugs identified by
members of the Mozilla community. Some of the bugs discovered could
potentially be used by an attacker to crash a victim's browser and
execute arbitrary code on their computer. liboggz, libvorbis, and
liboggplay were all upgraded to address these issues (CVE-2009-3377,
CVE-2009-3379, CVE-2009-3378).
Mozilla developers and community members identified and fixed
several stability bugs in the browser engine used in Firefox and
======
2) Bug
======
The tags in the OGG Vorbis files are handled by the CPLI_ReadTag_OGG
function which uses sscanf for storing the tag's name and its value in
two stack buffers but the lack of size limiters in the format argument
results in a buffer-overflow.
From CPI_PlaylistItem.c:
The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc.
http://sourceforge.net/projects/netjuke
===================================
/explore.php?do=list.artists&ge_id=SQL
/xml.php?do=show.tracks&id=SQL
/alphabet.php?do=alpha.albums&val=XSS
/random.php/XSS
Published: 2007-07-27
Rating: Moderate
Updated Versions:
libvorbis=/conary.rpath.com@rpl:devel//1/1.2.0-0.1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-4
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
if the user is tricked into opening a malformed media file or stream.
The implementations of the following codecs and container formats
were affected and have been updated:
- the Vorbis audio codec
- the Ogg container implementation
- the FF Video 1 codec
- the MPEG audio codec
- the H264 video codec
- the MOV container implementation