CVE-2007-3106

Published: 26/07/2007 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

lib/info.c in libvorbis 1.1.2, and possibly other versions prior to 1.2.0, allows context-dependent malicious users to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
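
The summary does not give the legal range for these fields; under the Vorbis I specification, block sizes are powers of two from 64 to 8192, and blocksize_0 must not exceed blocksize_1. The following is an added example, not libvorbis code and not part of the advisory: a decoder-side check that rejects an identification header whose blocksize fields fall outside those limits before anything is sized from them. The names `check_blocksizes`, `check_sample` and the `BS_*` codes are hypothetical, and the sample header is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Vorbis I identification header (30 bytes): [0] packet type 0x01,
 * [1..6] "vorbis", [7..27] version, channels, sample rate, bitrates,
 * [28] low nibble = log2(blocksize_0), high nibble = log2(blocksize_1),
 * [29] bit 0 = framing flag. */
#define ID_HEADER_LEN 30
enum { BS_OK = 0, BS_SHORT = -1, BS_NOT_ID = -2,
       BS_RANGE = -3, BS_ORDER = -4, BS_FRAMING = -5 };

/* Hypothetical helper, not a libvorbis function. bs0/bs1 must be non-NULL
 * and are written only when the header passes every check. */
int check_blocksizes(const unsigned char *pkt, size_t len,
                     unsigned *bs0, unsigned *bs1)
{
    if (len < ID_HEADER_LEN)
        return BS_SHORT;
    if (pkt[0] != 0x01 || memcmp(pkt + 1, "vorbis", 6) != 0)
        return BS_NOT_ID;
    unsigned e0 = pkt[28] & 0x0F, e1 = pkt[28] >> 4;
    if (e0 < 6 || e0 > 13 || e1 < 6 || e1 > 13)
        return BS_RANGE;            /* only 64..8192 are legal sizes */
    if (e0 > e1)
        return BS_ORDER;            /* blocksize_0 must not exceed blocksize_1 */
    if (!(pkt[29] & 0x01))
        return BS_FRAMING;
    *bs0 = 1u << e0;
    *bs1 = 1u << e1;
    return BS_OK;
}

/* Constructed sample: stereo 44.1 kHz header with the given exponents. */
int check_sample(unsigned e0, unsigned e1, unsigned *bs0, unsigned *bs1)
{
    unsigned char h[ID_HEADER_LEN] = { 0x01, 'v', 'o', 'r', 'b', 'i', 's' };
    h[11] = 2;                                   /* audio_channels */
    h[12] = 0x44; h[13] = 0xAC;                  /* 44100 Hz, little-endian */
    h[28] = (unsigned char)((e1 << 4) | (e0 & 0x0F));
    h[29] = 0x01;                                /* framing flag */
    return check_blocksizes(h, sizeof h, bs0, bs1);
}

int main(void)
{
    unsigned a = 0, b = 0;
    printf("8/11 -> %d\n", check_sample(8, 11, &a, &b));   /* accepted */
    printf("0/0  -> %d\n", check_sample(0, 0, &a, &b));    /* rejected */
    return 0;
}
```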

Vulnerable Product

libvorbis libvorbis

libvorbis libvorbis 1.1.2

Vendor Advisories

David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user’s privileges ...
Debian Bug report logs - #669196 libvorbisidec: multiple longstanding unfixed security issues in libvorbis Package: libvorbisidec; Maintainer for libvorbisidec is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Wed, 18 Apr 2012 03:21:01 UTC ...
Debian Bug report logs - #437916 CVE-2007-4029 unfixed for stable Package: libvorbis; Maintainer for libvorbis is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Nico Golde <nion@debian.org> Date: Tue, 14 Aug 2007 19:48:02 UTC Severity: important Tags: security Found in version 112 ...
Several vulnerabilities were found in the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening a malformed Ogg Audio file with an application linked against libvorbis. For the old stable distribution (sarge), these problems have been fixed in version 110- ...