Vulnerability details: VCID-4pt9-1k5c-aaae
Vulnerability ID VCID-4pt9-1k5c-aaae
Aliases CVE-2008-1420
Summary Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2008:0270
rhas Important https://access.redhat.com/errata/RHSA-2008:0271
epss 0.06327 https://api.first.org/data/v1/epss?cve=CVE-2008-1420
epss 0.07966 https://api.first.org/data/v1/epss?cve=CVE-2008-1420
epss 0.09121 https://api.first.org/data/v1/epss?cve=CVE-2008-1420
epss 0.10703 https://api.first.org/data/v1/epss?cve=CVE-2008-1420
epss 0.12015 https://api.first.org/data/v1/epss?cve=CVE-2008-1420
epss 0.12099 https://api.first.org/data/v1/epss?cve=CVE-2008-1420
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2008-1420
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1420.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1420
https://bugzilla.redhat.com/show_bug.cgi?id=440706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
http://secunia.com/advisories/30234
http://secunia.com/advisories/30237
http://secunia.com/advisories/30247
http://secunia.com/advisories/30259
http://secunia.com/advisories/30479
http://secunia.com/advisories/30581
http://secunia.com/advisories/30820
http://secunia.com/advisories/32946
http://secunia.com/advisories/36463
http://security.gentoo.org/glsa/glsa-200806-09.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42402
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500
https://usn.ubuntu.com/825-1/
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
http://www.debian.org/security/2008/dsa-1591
http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
http://www.redhat.com/support/errata/RHSA-2008-0270.html
http://www.redhat.com/support/errata/RHSA-2008-0271.html
http://www.securityfocus.com/bid/29206
http://www.securitytracker.com/id?1020029
http://www.ubuntu.com/usn/USN-682-1
http://www.vupen.com/english/advisories/2008/1510/references
482518 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482518
CVE-2008-1420 https://nvd.nist.gov/vuln/detail/CVE-2008-1420
GLSA-200806-09 https://security.gentoo.org/glsa/200806-09
RHSA-2008:0270 https://access.redhat.com/errata/RHSA-2008:0270
RHSA-2008:0271 https://access.redhat.com/errata/RHSA-2008:0271
USN-682-1 https://usn.ubuntu.com/682-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1420
Exploit Prediction Scoring System (EPSS)
Percentile 0.90063
EPSS Score 0.06327
Published At April 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.