CVE-2007-4029
published 2007-07-26
Priority P4 · 20 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.67% (73.8th percentile)
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.2.0.dfsg-1 (bookworm) | libvorbis 1.2.0.dfsg-1 (bookworm) |
| debian | libvorbisidec | < libvorbis 1.2.0.dfsg-1 (bookworm) | libvorbis 1.2.0.dfsg-1 (bookworm) |
| libvorbis | libvorbis | <= 1.2.0 | — |
| libvorbis | libvorbis | — | — |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
CVSS provenance
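| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |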
GHSA
GHSA-f885-7gr5-w3p4: libvorbis 1
ghsa_unreviewed·2022-05-01
CVE-2007-4029 [MEDIUM] GHSA-f885-7gr5-w3p4: libvorbis 1
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
GHSA
GHSA-g2r6-v9mj-qx9w: lib/info
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-3106 [MEDIUM] GHSA-g2r6-v9mj-qx9w: lib/info
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
OSV
CVE-2007-3106: lib/info
osv·2007-07-26·CVSS 6.8
CVE-2007-3106 [MEDIUM] CVE-2007-3106: lib/info
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
OSV
CVE-2007-4029: libvorbis 1
osv·2007-07-26·CVSS 6.8
CVE-2007-4029 [MEDIUM] CVE-2007-4029: libvorbis 1
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
Ubuntu
libvorbis vulnerabilities
vendor_ubuntu·2007-08-16
CVE-2007-3106 libvorbis vulnerabilities
Title: libvorbis vulnerabilities
Summary: libvorbis vulnerabilities
David Thiel discovered that libvorbis did not correctly verify the size
of certain headers, and did not correctly clean up a broken stream.
If a user were tricked into processing a specially crafted Vorbis stream,
a remote attacker could execute arbitrary code with the user's privileges.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
vendor_redhat·2007-07-26·CVSS 6.8
CVE-2007-4066 [MEDIUM] Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
vendor_redhat·2007-07-26·CVSS 6.8
CVE-2007-4065 [MEDIUM] Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
Red Hat
libvorbis array boundary condition
vendor_redhat·2007-07-26·CVSS 6.8
CVE-2007-3106 [MEDIUM] libvorbis array boundary condition
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
vendor_redhat·2007-07-26·CVSS 6.8
CVE-2007-4029 [MEDIUM] Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
Debian
CVE-2007-3106: libvorbis - lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...
vendor_debian·2007·CVSS 6.8
CVE-2007-3106 [MEDIUM] CVE-2007-3106: libvorbis - lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-1)
bullseye: resolved (fixed in 1.2.0.dfsg-1)
forky: resolved (fixed in 1.2.0.dfsg-1)
sid: resolved (fixed in 1.2.0.dfsg-1)
trixie: resolved (fixed in 1.2.0.dfsg-1)
Debian
CVE-2007-4029: libvorbis - libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-depend...
vendor_debian·2007·CVSS 6.8
CVE-2007-4029 [MEDIUM] CVE-2007-4029: libvorbis - libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-depend...
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-1)
bullseye: resolved (fixed in 1.2.0.dfsg-1)
forky: resolved (fixed in 1.2.0.dfsg-1)
sid: resolved (fixed in 1.2.0.dfsg-1)
trixie: resolved (fixed in 1.2.0.dfsg-1)
No detection rules found.
No public exploits indexed.
References
http://secunia.com/advisories/24923
http://secunia.com/advisories/26087
http://secunia.com/advisories/26232
http://secunia.com/advisories/26299
http://secunia.com/advisories/26429
http://secunia.com/advisories/26535
http://secunia.com/advisories/26865
http://secunia.com/advisories/27099
http://secunia.com/advisories/27439
http://secunia.com/advisories/28614
http://security.gentoo.org/glsa/glsa-200710-03.xml
http://securitytracker.com/id?1018712
http://www.debian.org/security/2008/dsa-1471
http://www.isecpartners.com/advisories/2007-003-libvorbis.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0845.html
http://www.redhat.com/support/errata/RHSA-2007-0912.html
http://www.securityfocus.com/archive/1/474729/100/0/threaded
http://www.securityfocus.com/bid/25082
http://www.tellini.org/blog/archives/32-Music-Box-1.6.html
http://www.ubuntu.com/usn/usn-498-1
http://www.vupen.com/english/advisories/2007/2698
http://www.vupen.com/english/advisories/2007/2760
https://bugzilla.redhat.com/show_bug.cgi?id=249780
https://exchange.xforce.ibmcloud.com/vulnerabilities/35623
https://exchange.xforce.ibmcloud.com/vulnerabilities/35624
https://issues.rpath.com/browse/RPL-1590
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570
Published: 2007-07-26