VYPR
← All advisories
Unrated severityNVD Advisory· Published May 16, 2008· Updated Apr 23, 2026

CVE-2008-1420

CVE-2008-1420

Description

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

Affected products

6
  • Xiph.org/Libvorbis6 versions
    cpe:2.3:a:xiph.org:libvorbis:1.0.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:xiph.org:libvorbis:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.2.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

26

News mentions

0

No linked articles in our index yet.