Lookup for vulnerable packages by Package URL.
| Purl | pkg:deb/debian/libvorbis@1.1.2.dfsg-1.2 |
|---|
| Type | deb |
|---|
| Namespace | debian |
|---|
| Name | libvorbis |
|---|
| Version | 1.1.2.dfsg-1.2 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 1.3.6-2 |
|---|
| Latest_non_vulnerable_version | 1.3.6-2 |
|---|
| Affected_by_vulnerabilities |
| 0 |
|
| 1 |
|
| 2 |
| url |
VCID-j8zw-dg26-hfbe |
| vulnerability_id |
VCID-j8zw-dg26-hfbe |
| summary |
Mozilla upgraded several third party libraries used in media
rendering to address multiple memory safety and stability bugs
identified by members of the Mozilla community. Some of the bugs
discovered could potentially be used by an attacker to crash a
victim's browser and execute arbitrary code on their
computer. liboggz, libvorbis,
and liboggplay were all upgraded to address these
issues.Audio and video capabilities were added in Firefox 3.5
so prior releases of Firefox were not affected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2009-3379
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zw-dg26-hfbe |
|
| 3 |
| url |
VCID-k4pn-yxd9-h3ad |
| vulnerability_id |
VCID-k4pn-yxd9-h3ad |
| summary |
Mozilla upgraded several third party libraries used in media
rendering to address multiple memory safety and stability bugs
identified by members of the Mozilla community. Some of the bugs
discovered could potentially be used by an attacker to crash a
victim's browser and execute arbitrary code on their
computer. liboggz, libvorbis,
and liboggplay were all upgraded to address these
issues.Audio and video capabilities were added in Firefox 3.5
so prior releases of Firefox were not affected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2009-2663
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k4pn-yxd9-h3ad |
|
| 4 |
|
| 5 |
| url |
VCID-nbbh-ws5y-3uh4 |
| vulnerability_id |
VCID-nbbh-ws5y-3uh4 |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative the possibility of memory corruption during
the decoding of Ogg Vorbis files. This can cause a crash during decoding and has
the potential for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0444
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4 |
|
| 6 |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.1.2.dfsg-1.2 |
|---|