Launchpad.net

CVE 2009-2663

libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

Related bugs and status

CVE-2009-2663 (Candidate) is related to these bugs:

Bug #413528: Sync libvorbis 1.2.0.dfsg-6 (main) from Debian unstable (main).

Summary				In	Importance	Status
	413528	Sync libvorbis 1.2.0.dfsg-6 (main) from Debian unstable (main).		libvorbis (Ubuntu)	Wishlist	Fix Released

Bug #418059: libvorbis out of date

Summary				In	Importance	Status
	418059	libvorbis out of date		libvorbis (Ubuntu)	Undecided	Fix Released
	418059	libvorbis out of date		libvorbis (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
VUPEN: ADV-2009-2142
FEDORA: FEDORA-2009-8279
FEDORA: FEDORA-2009-8288
FEDORA: FEDORA-2009-8445
SECUNIA: 36126
CONFIRM: https://bugzilla.redha...
BID: 35927
SECUNIA: 36230
SECUNIA: 36263
VUPEN: ADV-2009-2223
SECUNIA: 36463
SUNALERT: 266148
BID: 36018
SUSE: SUSE-SR:2010:014
XF: libvorbis-codec-dos(52...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-825-1