libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rpath_linux | Rpath | 1 (including) | 1 (including) |
| Rpath_linux | Rpath | 1.0.1 (including) | 1.0.1 (including) |
| Rpath_linux | Rpath | 1.0.2 (including) | 1.0.2 (including) |
| Rpath_linux | Rpath | 1.0.3 (including) | 1.0.3 (including) |
| Rpath_linux | Rpath | 1.0.4 (including) | 1.0.4 (including) |
| Rpath_linux | Rpath | 1.0.5 (including) | 1.0.5 (including) |
| Rpath_linux | Rpath | 1.0.6 (including) | 1.0.6 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | libvorbis-0:1.0rc2-7.el2 | * |
| Red Hat Enterprise Linux 3 | RedHat | libvorbis-1:1.0-8.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | libvorbis-1:1.1.0-2.el4.5 | * |
| Red Hat Enterprise Linux 5 | RedHat | libvorbis-1:1.1.2-3.el5.0 | * |
| Libvorbis | Ubuntu | dapper | * |
| Libvorbis | Ubuntu | edgy | * |
| Libvorbis | Ubuntu | feisty | * |
| Libvorbis | Ubuntu | upstream | * |