Vulnerability details: VCID-mt2s-z5qu-aaas
Vulnerability ID VCID-mt2s-z5qu-aaas
Aliases CVE-2008-2009
Summary Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2008:0271
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2008-2009
epss 0.02210 https://api.first.org/data/v1/epss?cve=CVE-2008-2009
epss 0.02868 https://api.first.org/data/v1/epss?cve=CVE-2008-2009
epss 0.03607 https://api.first.org/data/v1/epss?cve=CVE-2008-2009
epss 0.0434 https://api.first.org/data/v1/epss?cve=CVE-2008-2009
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-2009
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2009.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2009
https://bugzilla.redhat.com/show_bug.cgi?id=444443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2009
http://secunia.com/advisories/30247
https://exchange.xforce.ibmcloud.com/vulnerabilities/42521
http://www.redhat.com/support/errata/RHSA-2008-0271.html
http://www.securitytracker.com/id?1020029
http://www.ubuntu.com/usn/USN-861-1
http://www.vupen.com/english/advisories/2008/1510/references
482039 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482039
cpe:2.3:a:xiph.org:libvorbis:1.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:xiph.org:libvorbis:1.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:xiph.org:libvorbis:1.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:1.0:rc2:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
CVE-2008-2009 https://nvd.nist.gov/vuln/detail/CVE-2008-2009
RHSA-2008:0271 https://access.redhat.com/errata/RHSA-2008:0271
USN-861-1 https://usn.ubuntu.com/861-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2009
Exploit Prediction Scoring System (EPSS)
Percentile 0.88907
EPSS Score 0.02132
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.