Xiph.org: >> Libvorbis >> 1.12 Security Vulnerabilities
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
CVSS Score
4.3
EPSS Score
0.114
Published
2008-05-16
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
CVSS Score
6.8
EPSS Score
0.065
Published
2008-05-16