CVE-2008-2009 (retired)

Description libvorbis before 1.0 does not properly check for underpopulated
Huffman trees, which allows remote attackers to cause a denial of service
(crash) via a crafted OGG file that triggers memory corruption during
execution of the _make_decode_tree function.
 mdeslaur> description is misleading, part of the patch applies to
 mdeslaur> recent versions.
More Information

Updated: 2019-03-26 11:43:54 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)