CVE-2009-2663

EPSS 2.2%

libvorbis - several vulnerabilities

Published: 8/4/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-2663

Description

libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

Affected packages (3)

Debian/libvorbisfrom 0, < 1.2.0.dfsg-6
Debian/libvorbisfrom 0, < 1.1.2.dfsg-1.4+etch1
Debian/libvorbisidecfrom 0, < 1.0.2+svn16259-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-2663