CVE-2009-2663

EUVD-2009-2656
libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 3.5.1
mozillafirefox
0.1
mozillafirefox
0.2
mozillafirefox
0.3
mozillafirefox
0.4
mozillafirefox
0.5
mozillafirefox
0.6
mozillafirefox
0.6.1
mozillafirefox
0.7
mozillafirefox
0.7.1
mozillafirefox
0.8
mozillafirefox
0.9
mozillafirefox
0.9:rc
mozillafirefox
0.9.1
mozillafirefox
0.9.2
mozillafirefox
0.9.3
mozillafirefox
0.9_rc:_rc
mozillafirefox
0.10
mozillafirefox
0.10.1
mozillafirefox
1.0
mozillafirefox
1.0:preview_release
mozillafirefox
1.0.1
mozillafirefox
1.0.2
mozillafirefox
1.0.3
mozillafirefox
1.0.4
mozillafirefox
1.0.5
mozillafirefox
1.0.6
mozillafirefox
1.0.6
mozillafirefox
1.0.7
mozillafirefox
1.0.8
mozillafirefox
1.4.1
mozillafirefox
1.5
mozillafirefox
1.5:beta1
mozillafirefox
1.5:beta2
mozillafirefox
1.5.0.1
mozillafirefox
1.5.0.2
mozillafirefox
1.5.0.3
mozillafirefox
1.5.0.4
mozillafirefox
1.5.0.5
mozillafirefox
1.5.0.6
mozillafirefox
1.5.0.7
mozillafirefox
1.5.0.8
mozillafirefox
1.5.0.9
mozillafirefox
1.5.0.10
mozillafirefox
1.5.0.11
mozillafirefox
1.5.0.12
mozillafirefox
1.5.1
mozillafirefox
1.5.2
mozillafirefox
1.5.3
mozillafirefox
1.5.4
mozillafirefox
1.5.5
mozillafirefox
1.5.6
mozillafirefox
1.5.7
mozillafirefox
1.5.8
mozillafirefox
1.8
mozillafirefox
2.0
mozillafirefox
2.0:beta_1
mozillafirefox
2.0:beta1
mozillafirefox
2.0:rc2
mozillafirefox
2.0:rc3
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
2.0.0.15
mozillafirefox
2.0.0.16
mozillafirefox
2.0.0.17
mozillafirefox
2.0.0.18
mozillafirefox
2.0.0.19
mozillafirefox
2.0.0.20
mozillafirefox
2.0.0.21
mozillafirefox
2.0_.1:_.1
mozillafirefox
2.0_.4:_.4
mozillafirefox
2.0_.5:_.5
mozillafirefox
2.0_.6:_.6
mozillafirefox
2.0_.7:_.7
mozillafirefox
2.0_.9:_.9
mozillafirefox
2.0_.10:_.10
mozillafirefox
2.0_8:_8
mozillafirefox
3.0
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvorbis
bookworm
1.3.7-1
fixed
bullseye
1.3.7-1
fixed
etch
not-affected
lenny
not-affected
sid
1.3.7-2
fixed
squeeze
no-dsa
trixie
1.3.7-2
fixed
libvorbisidec
bookworm
1.2.1+git20180316-7
fixed
bullseye
1.2.1+git20180316-7
fixed
etch
not-affected
lenny
not-affected
sid
1.2.1+git20180316-8
fixed
squeeze
no-dsa
trixie
1.2.1+git20180316-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
libvorbis
dapper
ignored
hardy
Fixed 1.2.0.dfsg-2ubuntu0.2
released
intrepid
Fixed 1.2.0.dfsg-3.1ubuntu0.8.10.1
released
jaunty
Fixed 1.2.0.dfsg-3.1ubuntu0.9.04.1
released
karmic
not-affected
xulrunner-1.9
dapper
dne
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
dne
xulrunner-1.9.1
dapper
dne
hardy
dne
intrepid
dne
jaunty
Fixed 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
released
karmic
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://secunia.com/advisories/36126
http://secunia.com/advisories/36230
http://secunia.com/advisories/36263
http://secunia.com/advisories/36463
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
http://www.securityfocus.com/bid/35927
http://www.securityfocus.com/bid/36018
http://www.vupen.com/english/advisories/2009/2142
http://www.vupen.com/english/advisories/2009/2223
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
https://bugzilla.redhat.com/show_bug.cgi?id=516259
https://exchange.xforce.ibmcloud.com/vulnerabilities/52397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9506
https://usn.ubuntu.com/825-1/
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00481.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://secunia.com/advisories/36126
http://secunia.com/advisories/36230
http://secunia.com/advisories/36263
http://secunia.com/advisories/36463
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
http://www.securityfocus.com/bid/35927
http://www.securityfocus.com/bid/36018
http://www.vupen.com/english/advisories/2009/2142
http://www.vupen.com/english/advisories/2009/2223
https://bugzilla.mozilla.org/show_bug.cgi?id=500254
https://bugzilla.redhat.com/show_bug.cgi?id=516259
https://exchange.xforce.ibmcloud.com/vulnerabilities/52397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9506
https://usn.ubuntu.com/825-1/
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00481.html