CVE-2007-4029
published 2007-07-26


Priority: P420, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.67% (73.8th percentile)

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.2.0.dfsg-1 (bookworm) | libvorbis 1.2.0.dfsg-1 (bookworm) |
| debian | libvorbisidec | < libvorbis 1.2.0.dfsg-1 (bookworm) | libvorbis 1.2.0.dfsg-1 (bookworm) |
| libvorbis | libvorbis | <= 1.2.0 | |
| libvorbis | libvorbis | | |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |
| xiph.org | libvorbis | >= 0 < 1.2.0.dfsg-1 | 1.2.0.dfsg-1 |

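CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | MEDIUM | |
| vendor_redhat | | 6.8 | MEDIUM | |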