Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1419)