CVE-2007-4029
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
libvorbis 1.1.2, y posiblemente otras versiones anteriores a 1.2.0, permite a atacantes dependientes del contexto provocar denegación de servicio a travñes de (1) un tipo de mapeo no válido, el cual dispara una lectura fuera de límite en la función vorbis_info_clear en info.c, y (2) tamaño de bloque no válido que dispara un fallo de segmento en la función read en block.c.
David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c. libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact. Versions less than 1.2.0 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-07-26 CVE Reserved
- 2007-07-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (30)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-200710-03.xml | 2018-10-15 | |
http://www.debian.org/security/2008/dsa-1471 | 2018-10-15 | |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1 | 2018-10-15 | |
http://www.novell.com/linux/security/advisories/2007_23_sr.html | 2018-10-15 | |
http://www.redhat.com/support/errata/RHSA-2007-0845.html | 2018-10-15 | |
http://www.redhat.com/support/errata/RHSA-2007-0912.html | 2018-10-15 | |
http://www.ubuntu.com/usn/usn-498-1 | 2018-10-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=249780 | 2007-10-11 | |
https://access.redhat.com/security/cve/CVE-2007-4029 | 2007-10-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1 Search vendor "Rpath" for product "Rpath Linux" and version "1" | - |
Safe
|
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1.0.1 Search vendor "Rpath" for product "Rpath Linux" and version "1.0.1" | - |
Safe
|
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1.0.2 Search vendor "Rpath" for product "Rpath Linux" and version "1.0.2" | - |
Safe
|
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1.0.3 Search vendor "Rpath" for product "Rpath Linux" and version "1.0.3" | - |
Safe
|
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1.0.4 Search vendor "Rpath" for product "Rpath Linux" and version "1.0.4" | - |
Safe
|
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1.0.5 Search vendor "Rpath" for product "Rpath Linux" and version "1.0.5" | - |
Safe
|
Libvorbis Search vendor "Libvorbis" | Libvorbis Search vendor "Libvorbis" for product "Libvorbis" | 1.1.2 Search vendor "Libvorbis" for product "Libvorbis" and version "1.1.2" | - |
Affected
| in | Rpath Search vendor "Rpath" | Rpath Linux Search vendor "Rpath" for product "Rpath Linux" | 1.0.6 Search vendor "Rpath" for product "Rpath Linux" and version "1.0.6" | - |
Safe
|