CVE-2007-4066: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libvorbis

Severity
4.3 MEDIUM (NVD)
EPSS
1.2%
top 20.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 21
Latest update: May 1

Description

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Debian xiph.org/libvorbis < 1.2.0.dfsg-1+3

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-hxvm-w548-m27r: Multiple buffer overflows in Xiph (2022-05-01)
OSV
CVE-2007-4066: Multiple buffer overflows in Xiph (2007-09-21)
CVEList
CVE-2007-4066: Multiple buffer overflows in Xiph (2007-09-21)

📋 Vendor Advisories (4)

Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029) (2007-07-26)
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029) (2007-07-26)
Red Hat
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029) (2007-07-26)
Debian
CVE-2007-4066: libvorbis - Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-depen... (2007)

💬 Community (1)

Bugzilla
CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029) (2007-07-26)