CVE-2007-4029 — Libvorbis vulnerability

CWE-39916 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
1.6%
top 18.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Xiph.org LibvorbisLibvorbis
Timeline
PublishedJul 26
Latest updateMay 1

Description

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

â–¶Debianxiph.org/libvorbis< 1.2.0.dfsg-1+3
â–¶NVDlibvorbis/libvorbis1.2.0+1

🔴Vulnerability Details

6
GHSA
GHSA-f885-7gr5-w3p4: libvorbis 1↗2022-05-01
â–¶
GHSA
GHSA-g2r6-v9mj-qx9w: lib/info↗2022-05-01
â–¶
OSV
CVE-2007-3106: lib/info↗2007-07-26
â–¶
OSV
CVE-2007-4029: libvorbis 1↗2007-07-26
â–¶
CVEList
CVE-2007-3106: lib/info↗2007-07-26
â–¶

📋Vendor Advisories

7
Ubuntu
libvorbis vulnerabilities↗2007-08-16
â–¶
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)↗2007-07-26
â–¶
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)↗2007-07-26
â–¶
Red Hat
libvorbis array boundary condition↗2007-07-26
â–¶
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)↗2007-07-26
â–¶

💬Community

1
Bugzilla
CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)↗2007-07-26
â–¶
CVE-2007-4029 — Libvorbis vulnerability | cvebase