libtheora: Arbitrary code execution An integer overflow in libtheora might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. libtheora December 03, 2013 December 03, 2013: 1 298039 remote 1.1.1 1.1.1

libtheora is the reference implementation of Theora, a free and open video compression format from the Xiph.org Foundation.

An integer overflow flaw has been discovered in libtheora.

A remote attacker could execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

All libtheora users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libtheora-1.1.1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

CVE-2009-3389 underling Zlogene