Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-413
Vulnerability from certfr_avis
None
Description
Plusieurs vulnérabilités ont été identifiées dans la bibliothèque libvorbis, dédiée au format multimédia Ogg Vorbis. Elles peuvent être exploitées par une personne malveillante sous la forme de fichier .oog spécialement construits, afin de perturber ou exécuter des commandes sur le système ayant une version vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "libvorbis, pour les versions ant\u00e9rieures \u00e0 1.1.3.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans la biblioth\u00e8que\nlibvorbis, d\u00e9di\u00e9e au format multim\u00e9dia Ogg Vorbis. Elles peuvent \u00eatre\nexploit\u00e9es par une personne malveillante sous la forme de fichier .oog\nsp\u00e9cialement construits, afin de perturber ou ex\u00e9cuter des commandes sur\nle syst\u00e8me ayant une version vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-4065",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4065"
},
{
"name": "CVE-2007-4066",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4066"
},
{
"name": "CVE-2007-4029",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4029"
}
],
"initial_release_date": "2007-09-21T00:00:00",
"last_revision_date": "2007-09-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 iSec Partners du 26 juillet 2007 :",
"url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
},
{
"title": "Page officiel du projet libvorbis :",
"url": "http://xiph.org/vorbis/"
}
],
"reference": "CERTA-2007-AVI-413",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9s dans libvorbis",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonce de mise \u00e0 jour du projet libvorbis",
"url": null
}
]
}
CVE-2007-4029 (GCVE-0-2007-4029)
Vulnerability from cvelistv5
Published
2007-07-26 22:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1590"
},
{
"name": "USN-498-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-498-1"
},
{
"name": "ADV-2007-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2760"
},
{
"name": "libvorbis-blocksize-code-execution(35624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35624"
},
{
"name": "26299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "28614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28614"
},
{
"name": "DSA-1471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1471"
},
{
"name": "26429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26429"
},
{
"name": "RHSA-2007:0912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "oval:org.mitre.oval:def:10570",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570"
},
{
"name": "libvorbis-infoclear-code-execution(35623)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35623"
},
{
"name": "1018712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018712"
},
{
"name": "26087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26087"
},
{
"name": "25082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25082"
},
{
"name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
},
{
"name": "24923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24923"
},
{
"name": "26535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26535"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "ADV-2007-2698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2698"
},
{
"name": "27099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27099"
},
{
"name": "26232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26232"
},
{
"name": "MDKSA-2007:167-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
},
{
"name": "26865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "RHSA-2007:0845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1590"
},
{
"name": "USN-498-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-498-1"
},
{
"name": "ADV-2007-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2760"
},
{
"name": "libvorbis-blocksize-code-execution(35624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35624"
},
{
"name": "26299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "28614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28614"
},
{
"name": "DSA-1471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1471"
},
{
"name": "26429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26429"
},
{
"name": "RHSA-2007:0912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "oval:org.mitre.oval:def:10570",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570"
},
{
"name": "libvorbis-infoclear-code-execution(35623)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35623"
},
{
"name": "1018712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018712"
},
{
"name": "26087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26087"
},
{
"name": "25082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25082"
},
{
"name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
},
{
"name": "24923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24923"
},
{
"name": "26535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26535"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "ADV-2007-2698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2698"
},
{
"name": "27099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27099"
},
{
"name": "26232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26232"
},
{
"name": "MDKSA-2007:167-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
},
{
"name": "26865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "RHSA-2007:0845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-4029",
"datePublished": "2007-07-26T22:00:00",
"dateReserved": "2007-07-26T00:00:00",
"dateUpdated": "2024-08-07T14:37:06.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4065 (GCVE-0-2007-4065)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "RHSA-2007:0912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "27170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27170"
},
{
"name": "1018712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018712"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
},
{
"name": "MDKSA-2007:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
},
{
"name": "oval:org.mitre.oval:def:9173",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9173"
},
{
"name": "24923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24923"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13217"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27099"
},
{
"name": "26865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "RHSA-2007:0845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "RHSA-2007:0912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "27170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27170"
},
{
"name": "1018712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018712"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
},
{
"name": "MDKSA-2007:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
},
{
"name": "oval:org.mitre.oval:def:9173",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9173"
},
{
"name": "24923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24923"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13217"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27099"
},
{
"name": "26865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "RHSA-2007:0845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-4065",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:37:06.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4066 (GCVE-0-2007-4066)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "28614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28614"
},
{
"name": "DSA-1471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1471"
},
{
"name": "RHSA-2007:0912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "27170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27170"
},
{
"name": "1018712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018712"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13211"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13169"
},
{
"name": "MDKSA-2007:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
},
{
"name": "24923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24923"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/ticket/853"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27439"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.xiph.org/ticket/300"
},
{
"name": "27099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27099"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.xiph.org/changeset/13215"
},
{
"name": "26865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11453",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453"
},
{
"name": "RHSA-2007:0845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.xiph.org/changeset/13168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
},
{
"name": "28614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28614"
},
{
"name": "DSA-1471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1471"
},
{
"name": "RHSA-2007:0912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
},
{
"name": "GLSA-200710-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
},
{
"name": "27170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27170"
},
{
"name": "1018712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018712"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13211"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13169"
},
{
"name": "MDKSA-2007:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
},
{
"name": "24923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24923"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/ticket/853"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27439"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.xiph.org/ticket/300"
},
{
"name": "27099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27099"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.xiph.org/changeset/13215"
},
{
"name": "26865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26865"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11453",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453"
},
{
"name": "RHSA-2007:0845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-4066",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:37:06.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…