CVE-2008-1420 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
xiph.org	libvorbis	1.0.0
xiph.org	libvorbis	1.0.1
xiph.org	libvorbis	1.1.0
xiph.org	libvorbis	1.1.1
xiph.org	libvorbis	1.2.0
xiph.org	libvorbis	1.12

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libvorbis

bookworm	1.3.7-1 fixed
bullseye	1.3.7-1 fixed
sid	1.3.7-2 fixed
trixie	1.3.7-2 fixed

libvorbisidec

bookworm	1.2.1+git20180316-7 fixed
bullseye	1.2.1+git20180316-7 fixed
sid	1.2.1+git20180316-8 fixed
trixie	1.2.1+git20180316-8 fixed

Ubuntu Releases

Ubuntu Product

Codename

libvorbis

dapper	Fixed 1.1.2-0ubuntu2.3 released
feisty	ignored
gutsy	Fixed 1.2.0.dfsg-1ubuntu0.1 released
hardy	Fixed 1.2.0.dfsg-2ubuntu0.1 released
intrepid	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libvorbis-devel

suse enterprise desktop 15	1.3.6-2.16 fixed
suse enterprise desktop 15 SP1	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP2	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP3	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP4	1.3.6-4.3.1 fixed
suse enterprise sap 15	1.3.6-2.16 fixed
suse enterprise sap 15 SP1	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP2	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP3	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP4	1.3.6-4.3.1 fixed
suse enterprise server 15	1.3.6-2.16 fixed
suse enterprise server 15 SP1	1.3.6-4.3.1 fixed
suse enterprise server 15 SP2	1.3.6-4.3.1 fixed
suse enterprise server 15 SP3	1.3.6-4.3.1 fixed
suse enterprise server 15 SP4	1.3.6-4.3.1 fixed

libvorbis-doc

suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 12	1.3.3-8.6 fixed
suse enterprise server 12 SP2	1.3.3-8.6 fixed
suse enterprise server 12 SP3	1.3.3-8.6 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed

libvorbis0

suse enterprise desktop 15	1.3.6-2.16 fixed
suse enterprise desktop 15 SP1	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP2	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP3	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP4	1.3.6-4.3.1 fixed
suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise sap 15	1.3.6-2.16 fixed
suse enterprise sap 15 SP1	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP2	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP3	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP4	1.3.6-4.3.1 fixed
suse enterprise server 12	1.3.3-8.6 fixed
suse enterprise server 12 SP2	1.3.3-8.6 fixed
suse enterprise server 12 SP3	1.3.3-8.6 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 15	1.3.6-2.16 fixed
suse enterprise server 15 SP1	1.3.6-4.3.1 fixed
suse enterprise server 15 SP2	1.3.6-4.3.1 fixed
suse enterprise server 15 SP3	1.3.6-4.3.1 fixed
suse enterprise server 15 SP4	1.3.6-4.3.1 fixed

libvorbis0-32bit

suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 12	1.3.3-8.23 fixed
suse enterprise server 12 SP2	1.3.3-8.23 fixed
suse enterprise server 12 SP3	1.3.3-8.23 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed

libvorbisenc2

suse enterprise desktop 15	1.3.6-2.16 fixed
suse enterprise desktop 15 SP1	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP2	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP3	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP4	1.3.6-4.3.1 fixed
suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise sap 15	1.3.6-2.16 fixed
suse enterprise sap 15 SP1	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP2	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP3	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP4	1.3.6-4.3.1 fixed
suse enterprise server 12	1.3.3-8.6 fixed
suse enterprise server 12 SP2	1.3.3-8.6 fixed
suse enterprise server 12 SP3	1.3.3-8.6 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 15	1.3.6-2.16 fixed
suse enterprise server 15 SP1	1.3.6-4.3.1 fixed
suse enterprise server 15 SP2	1.3.6-4.3.1 fixed
suse enterprise server 15 SP3	1.3.6-4.3.1 fixed
suse enterprise server 15 SP4	1.3.6-4.3.1 fixed

libvorbisenc2-32bit

suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 12	1.3.3-8.23 fixed
suse enterprise server 12 SP2	1.3.3-8.23 fixed
suse enterprise server 12 SP3	1.3.3-8.23 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed

libvorbisfile3

suse enterprise desktop 15	1.3.6-2.16 fixed
suse enterprise desktop 15 SP1	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP2	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP3	1.3.6-4.3.1 fixed
suse enterprise desktop 15 SP4	1.3.6-4.3.1 fixed
suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise sap 15	1.3.6-2.16 fixed
suse enterprise sap 15 SP1	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP2	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP3	1.3.6-4.3.1 fixed
suse enterprise sap 15 SP4	1.3.6-4.3.1 fixed
suse enterprise server 12	1.3.3-8.6 fixed
suse enterprise server 12 SP2	1.3.3-8.6 fixed
suse enterprise server 12 SP3	1.3.3-8.6 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 15	1.3.6-2.16 fixed
suse enterprise server 15 SP1	1.3.6-4.3.1 fixed
suse enterprise server 15 SP2	1.3.6-4.3.1 fixed
suse enterprise server 15 SP3	1.3.6-4.3.1 fixed
suse enterprise server 15 SP4	1.3.6-4.3.1 fixed

libvorbisfile3-32bit

suse enterprise sap 12 SP5	1.3.3-10.14.1 fixed
suse enterprise server 12	1.3.3-8.23 fixed
suse enterprise server 12 SP2	1.3.3-8.23 fixed
suse enterprise server 12 SP3	1.3.3-8.23 fixed
suse enterprise server 12 SP4	1.3.3-10.14.1 fixed
suse enterprise server 12 SP5	1.3.3-10.14.1 fixed

Common Weakness Enumeration

CWE-189 -

References

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

http://secunia.com/advisories/30234

http://secunia.com/advisories/30237

http://secunia.com/advisories/30247

http://secunia.com/advisories/30259

http://secunia.com/advisories/30479

http://secunia.com/advisories/30581

http://secunia.com/advisories/30820

http://secunia.com/advisories/32946

http://secunia.com/advisories/36463

http://security.gentoo.org/glsa/glsa-200806-09.xml

http://www.debian.org/security/2008/dsa-1591

http://www.mandriva.com/security/advisories?name=MDVSA-2008:102

http://www.redhat.com/support/errata/RHSA-2008-0270.html

http://www.redhat.com/support/errata/RHSA-2008-0271.html

http://www.securityfocus.com/bid/29206

http://www.securitytracker.com/id?1020029

http://www.ubuntu.com/usn/USN-682-1

http://www.vupen.com/english/advisories/2008/1510/references

https://bugzilla.redhat.com/show_bug.cgi?id=440706

https://exchange.xforce.ibmcloud.com/vulnerabilities/42402

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500

https://usn.ubuntu.com/825-1/

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

http://secunia.com/advisories/30234

http://secunia.com/advisories/30237

http://secunia.com/advisories/30247

http://secunia.com/advisories/30259

http://secunia.com/advisories/30479

http://secunia.com/advisories/30581

http://secunia.com/advisories/30820

http://secunia.com/advisories/32946

http://secunia.com/advisories/36463

http://security.gentoo.org/glsa/glsa-200806-09.xml

http://www.debian.org/security/2008/dsa-1591

http://www.mandriva.com/security/advisories?name=MDVSA-2008:102

http://www.redhat.com/support/errata/RHSA-2008-0270.html

http://www.redhat.com/support/errata/RHSA-2008-0271.html

http://www.securityfocus.com/bid/29206

http://www.securitytracker.com/id?1020029

http://www.ubuntu.com/usn/USN-682-1

http://www.vupen.com/english/advisories/2008/1510/references

https://bugzilla.redhat.com/show_bug.cgi?id=440706

https://exchange.xforce.ibmcloud.com/vulnerabilities/42402

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500

https://usn.ubuntu.com/825-1/

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html