VulnerableCode Package Details - pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn16259-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3hj9-b58e-ckh4 Aliases: CVE-2008-1419		1.0.2+svn18153-0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ax5p-runb-3ba4 Aliases: CVE-2008-1423		1.0.2+svn18153-0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jwvr-ax6v-nbf4 Aliases: CVE-2012-0444	Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.	1.0.2+svn18153-0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vzuz-bdgn-4baa Aliases: CVE-2018-5147	The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.	1.0.2+svn18153-1~deb8u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.0.2+svn18153-1+deb9u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.2.1+git20180316-3 Affected by 0 other vulnerabilities.
VCID-xb2c-r22q-dkgc Aliases: CVE-2009-3379	Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.Audio and video capabilities were added in Firefox 3.5 so prior releases of Firefox were not affected.	1.0.2+svn18153-0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xwju-wywk-6qbx Aliases: CVE-2008-2009		1.0.2+svn18153-0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3hj9-b58e-ckh4
Aliases:
CVE-2008-1419

1.0.2+svn18153-0.2
Affected by 1 other vulnerability.

VCID-ax5p-runb-3ba4
Aliases:
CVE-2008-1423

1.0.2+svn18153-0.2
Affected by 1 other vulnerability.

VCID-jwvr-ax6v-nbf4
Aliases:
CVE-2012-0444

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.

1.0.2+svn18153-0.2
Affected by 1 other vulnerability.

VCID-vzuz-bdgn-4baa
Aliases:
CVE-2018-5147

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.

1.0.2+svn18153-1~deb8u2
Affected by 1 other vulnerability.

1.0.2+svn18153-1+deb9u1
Affected by 1 other vulnerability.

1.2.1+git20180316-3
Affected by 0 other vulnerabilities.

VCID-xb2c-r22q-dkgc
Aliases:
CVE-2009-3379

Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.Audio and video capabilities were added in Firefox 3.5 so prior releases of Firefox were not affected.

1.0.2+svn18153-0.2
Affected by 1 other vulnerability.

VCID-xwju-wywk-6qbx
Aliases:
CVE-2008-2009

1.0.2+svn18153-0.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-8puv-bmxh-a7d5	Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)	CVE-2007-4065
VCID-amvs-eaha-wfgj		CVE-2007-3106
VCID-gmrh-s795-8feh	Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)	CVE-2007-4066
VCID-qvmd-t5nf-dkb5		CVE-2007-4029
VCID-wdyw-kubz-t3dv	Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.Audio and video capabilities were added in Firefox 3.5 so prior releases of Firefox were not affected.	CVE-2009-2663

Vulnerability

Summary

Aliases

VCID-8puv-bmxh-a7d5

Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)

CVE-2007-4065

VCID-amvs-eaha-wfgj

CVE-2007-3106

VCID-gmrh-s795-8feh

Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)

CVE-2007-4066

VCID-qvmd-t5nf-dkb5

CVE-2007-4029

VCID-wdyw-kubz-t3dv

CVE-2009-2663

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:34:22.529148+00:00	Debian Oval Importer	Fixing	VCID-wdyw-kubz-t3dv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:26:57.138957+00:00	Debian Oval Importer	Affected by	VCID-ax5p-runb-3ba4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:21:17.680570+00:00	Debian Oval Importer	Affected by	VCID-jwvr-ax6v-nbf4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:41:11.575398+00:00	Debian Oval Importer	Affected by	VCID-vzuz-bdgn-4baa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:40:53.309741+00:00	Debian Oval Importer	Affected by	VCID-3hj9-b58e-ckh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:13:44.802040+00:00	Debian Oval Importer	Affected by	VCID-xwju-wywk-6qbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:11:49.500399+00:00	Debian Oval Importer	Fixing	VCID-gmrh-s795-8feh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:49:03.305343+00:00	Debian Oval Importer	Fixing	VCID-8puv-bmxh-a7d5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:29:00.005876+00:00	Debian Oval Importer	Fixing	VCID-qvmd-t5nf-dkb5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:05:09.139077+00:00	Debian Oval Importer	Fixing	VCID-amvs-eaha-wfgj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:03:34.938142+00:00	Debian Oval Importer	Affected by	VCID-xb2c-r22q-dkgc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:05:06.728699+00:00	Debian Oval Importer	Affected by	VCID-vzuz-bdgn-4baa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:31:42.355399+00:00	Debian Oval Importer	Affected by	VCID-vzuz-bdgn-4baa	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	37.0.0