CVE-2007-4065 — Infinite Loop in Libvorbis

7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

5.4%

top 9.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xiph.org Libvorbis

Timeline

PublishedSep 21

Latest updateMay 1

Description

lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianxiph.org/libvorbis< 1.2.0.dfsg-1+3

▶NVDxiph.org/libvorbis1.2.0

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: trac.xiph.org ↗

🔴Vulnerability Details

GHSA

GHSA-93f6-cmww-g7mv: lib/vorbisfile↗2022-05-01

▶

OSV

CVE-2007-4065: lib/vorbisfile↗2007-09-21

▶

CVEList

CVE-2007-4065: lib/vorbisfile↗2007-09-21

▶

📋Vendor Advisories

Red Hat

Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)↗2007-07-26

▶

Debian

CVE-2007-4065: libvorbis - lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows cont...↗2007

▶

💬Community

Bugzilla

CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)↗2007-07-26

▶