FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libtremor -- multiple vulnerabilities

Affected packages
libtremor < 1.2.0.s20101013

Details

VuXML ID 3dac84c9-bce1-4199-9784-d68af1eb7b2e
Discovery 2008-03-19
Entry 2015-08-25
Modified 2015-08-25

The RedHat Project reports:

Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash (NULL pointer dereference or divide by zero), enter an infinite loop or cause heap overflow caused by integer overflow.

References

CVE Name CVE-2008-1418
CVE Name CVE-2008-1419
CVE Name CVE-2008-1420
CVE Name CVE-2008-1423
CVE Name CVE-2008-2009
URL http://redpig.dataspill.org/2008/05/multiple-vulnerabilities-in-ogg-tremor.html
URL https://git.xiph.org/?p=tremor.git;a=commitdiff;h=159efc4
URL https://git.xiph.org/?p=tremor.git;a=commitdiff;h=1d1f93e
URL https://git.xiph.org/?p=tremor.git;a=commitdiff;h=7e94eea