Bug 531770 (CVE-2009-3377) - CVE-2009-3377 liboggz: unspecified security fixes mentioned in MFSA 2009-63
Alias: CVE-2009-3377
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 538220
Reported: 2009-10-29 13:12 UTC by Tomas Hoger
Modified: 2019-09-29 12:33 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-12-21 19:24:45 UTC


Description Tomas Hoger 2009-10-29 13:12:33 UTC
Quoting Mozilla Foundation Security Advisory 2009-63:


  Georgi Guninski reported a crash in liboggz.

The advisory provides the following bug list:


with only 512327 being public at the moment, which is for liboggz rebase to 0.9.9.

Comment 1 Tomas Hoger 2009-10-29 13:18:53 UTC
Looking into the liboggz upstream ChangeLog, mozilla bug 515376 is mentioned as fixed in version 1.0.0:

    * Mozilla #515376: Check index in dirac_parse_info()

git commit:


It is not tagged as a security fix in the liboggz changelog, even though there's a fairly large list of security fixes mentioned in 0.9.9:

    * Handle allocation failure due to out of memory throughout, for Mozilla
      bug 468280. Adds new error return OGGZ_ERR_OUT_OF_MEMORY
    * skeleton.c::ogg_from_fisbone(): avoid memcpy of NULL
      fp->message_header_fields. Fixes ticket:408, reported by j^
    * Mozilla bug 463756: return an error when a hole (ie. missing sequence
      number) is detected in the headers of a track
    * Remove dead code from oggz_read.c for ticket:439, reported by Coverity
    * Check for NULL return value of val in cgi.c
      (ticket:438, reported by Coverity)
    * Add NULL return checks
      (ticket:440, reported by Coverity)
    * Check for integer overflows in calculations for realloc and when using
      strlen returns.  For Mozilla bug 480014
    * Don't map all errors to OGGZ_ERR_STOP_ERR
      Required for Mozilla bug 481933
      Exposes detected HOLE_IN_DATA as return value from oggz_read(),
      oggz_read_input(), and add documentation for extra return values
    * Apply patch by Jim Blandy from Mozilla bug 480521
      Avoid overflow in comment lengths

Comment 2 Tomas Hoger 2009-11-09 09:21:43 UTC
What is the plan for Fedora with this?  Lots of backports or move to 1.0+ in all current versions?

Comment 4 Rakesh Pandit 2010-05-29 06:54:55 UTC
Looking at this one. I think it is better to update it to the latest 1.xx releases.

Comment 5 Fedora Update System 2010-05-29 08:29:19 UTC
liboggz-1.1.1-1.fc13 has been submitted as an update for Fedora 13.

Comment 6 Fedora Update System 2010-05-29 08:30:01 UTC
liboggz-1.1.1-1.fc12 has been submitted as an update for Fedora 12.

Comment 7 Fedora Update System 2010-05-31 18:18:39 UTC
liboggz-1.1.1-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2010-06-09 03:32:00 UTC
libannodex-0.7.3-14.fc13,mod_annodex-0.2.2-13.fc13,liboggz-1.1.1-1.fc13,libfishsound-0.9.1-5.fc13,sonic-visualiser-1.7.2-1.fc13 has been submitted as an update for Fedora 13.

Comment 9 Fedora Update System 2010-06-10 19:20:09 UTC
libannodex-0.7.3-14.fc13, mod_annodex-0.2.2-13.fc13, liboggz-1.1.1-1.fc13, libfishsound-0.9.1-5.fc13, sonic-visualiser-1.7.2-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
