VYPR
Unrated severityNVD Advisory· Published May 16, 2008· Updated Jun 16, 2026

CVE-2008-2009

CVE-2008-2009

Description

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:xiph.org:libvorbis:1.0:beta4:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:xiph.org:libvorbis:1.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:xiph.org:libvorbis:1.0:rc2:*:*:*:*:*:*
    • (no CPE)range: <1.0
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.