VYPR
Unrated severityNVD Advisory· Published May 16, 2008· Updated Jun 16, 2026

CVE-2008-1423

CVE-2008-1423

Description

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:xiph.org:libvorbis:1.0.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:xiph.org:libvorbis:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.2.0:*:*:*:*:*:*:*
    • (no CPE)range: <=1.2.0

Patches

Vulnerability mechanics

References

24

News mentions

0

No linked articles in our index yet.