GLSA Advocate
Posted: Mon Sep 07, 2009 2:26 am Post subject: [ GLSA 200909-02 ] libvorbis: User-assisted execution of arb
Gentoo Linux Security Advisory
Title: libvorbis: User-assisted execution of arbitrary code (GLSA 200909-02)
Severity: normal
Exploitable: remote
Date: September 07, 2009
Bug(s): #280590
ID: 200909-02
Synopsis
A processing error in libvorbis might result in the execution of arbitrary
code or a Denial of Service.
Background
libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
audio file format. It is used by many applications for playback of Ogg
Vorbis files.
Affected Packages
Package: media-libs/libvorbis
Vulnerable: < 1.2.3
Unaffected: >= 1.2.3
Architectures: All supported architectures
Description
Lucas Adamski reported that libvorbis does not correctly process file
headers, related to static mode headers and encoding books.
Impact
A remote attacker could entice a user to play a specially crafted OGG
Vorbis file using an application that uses libvorbis, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application, or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All libvorbis users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.3"
References
CVE-2009-2663
Last edited by GLSA on Tue May 29, 2012 4:27 am; edited 5 times in total