CVE-2007-5301
published 2007-10-09

Priority: P339 medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 10.24% (95.1th percentile)

Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
alsaplayer | alsaplayer | <= 0.99.80-rc2 |
alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1
alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1
alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1
alsaplayer | alsaplayer | >= 0 < 0.99.80~rc4-1 | 0.99.80~rc4-1
debian | alsaplayer | < alsaplayer 0.99.80~rc4-1 (bookworm) | alsaplayer 0.99.80~rc4-1 (bookworm)

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 LOW