CVE-2007-5301
Published 2007-10-09
CVE-2007-5301: Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote…
Priority P339, medium, 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.24% (95.1th percentile)
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alsaplayer | alsaplayer | <= 0.99.80-rc2 | — |
| alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1 |
| alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1 |
| alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1 |
| alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1 |
| debian | alsaplayer | < alsaplayer 0.99.80~rc4-1 (bookworm) | alsaplayer 0.99.80~rc4-1 (bookworm) |
CVSS provenance
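| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |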
GHSA
GHSA-xpcp-c53g-wp4q: Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine
ghsa_unreviewed·2022-05-01
CVE-2007-5301 [MEDIUM] CWE-119 GHSA-xpcp-c53g-wp4q: Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine
OSV
CVE-2007-5301: Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine
osv·2007-10-09·CVSS 6.8
CVE-2007-5301 [MEDIUM] CVE-2007-5301: Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine
Debian
CVE-2007-5301: alsaplayer - Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine...
vendor_debian·2007·CVSS 6.8
CVE-2007-5301 [MEDIUM] CVE-2007-5301: alsaplayer - Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine...
Scope: local
bookworm: resolved (fixed in 0.99.80~rc4-1)
bullseye: resolved (fixed in 0.99.80~rc4-1)
forky: resolved (fixed in 0.99.80~rc4-1)
sid: resolved (fixed in 0.99.80~rc4-1)
trixie: resolved (fixed in 0.99.80~rc4-1)
No detection rules found.
Exploit-DB
AlsaPlayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow
exploitdb·2008-04-10·CVSS 6.8
CVE-2007-5301 [MEDIUM] AlsaPlayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow
---
I have released this exploit for the alsaplayer bug CVE-2007-5301.
You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/
With my modified version of vorbiscomment, you can generate an ogg exploit like this:
whats@debian:~$ vorbiscomment.whats -w -t "TITLE=$(perl -e 'print "AAAAAAAAAAAAAAAAAA
Exploit-DB
AlsaPlayer 0.99.x - Vorbis Input Plugin OGG Processing Remote Buffer Overflow
exploitdb·2007-10-08
CVE-2007-5301 AlsaPlayer 0.99.x - Vorbis Input Plugin OGG Processing Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/25969/info
AlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.
This issue affects versions prior to AlsaPlayer 0.99.80-rc3.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30648.ogg
No writeups or analysis indexed.
http://secunia.com/advisories/27117
http://secunia.com/advisories/29680
http://sourceforge.net/forum/forum.php?forum_id=742584
http://sourceforge.net/project/shownotes.php?release_id=544663&group_id=249
http://www.debian.org/security/2008/dsa-1538
http://www.securityfocus.com/archive/1/490671/100/0/threaded
http://www.securityfocus.com/bid/25969
http://www.vupen.com/english/advisories/2007/3393
http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh
https://exchange.xforce.ibmcloud.com/vulnerabilities/36996
https://www.exploit-db.com/exploits/5424
Published: 2007-10-09