CVE-2007-4066
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
Múltiples desbordamientos de búfer Xiph.Org libvorbis versiones anteriores a 1.2.0 permiten a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio o tener otro impacto no especificado mediante un fichero OGG manipulado, también conocido como trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, y 13215, como se demuestra con un desbordamiento en oggenc.exe relativo al array _psy_noiseguards_8.
David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c. libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact. Versions less than 1.2.0 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-07-30 CVE Reserved
- 2007-09-21 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/24923 | Third Party Advisory | |
| http://secunia.com/advisories/27099 | Third Party Advisory | |
| http://secunia.com/advisories/27170 | Third Party Advisory | |
| http://secunia.com/advisories/27439 | Third Party Advisory | |
| http://secunia.com/advisories/28614 | Third Party Advisory | |
| http://securitytracker.com/id?1018712 | Vdb Entry | |
| http://svn.xiph.org/trunk/vorbis/CHANGES | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453 | Signature | |
| https://trac.xiph.org/changeset/13162 | X_refsource_misc | |
| https://trac.xiph.org/changeset/13168 | X_refsource_confirm | |
| https://trac.xiph.org/changeset/13169 | X_refsource_misc | |
| https://trac.xiph.org/changeset/13170 | X_refsource_misc | |
| https://trac.xiph.org/changeset/13172 | X_refsource_misc | |
| https://trac.xiph.org/changeset/13211 | X_refsource_misc | |
| https://trac.xiph.org/changeset/13215 | X_refsource_misc | |
| https://trac.xiph.org/ticket/300 | X_refsource_confirm | |
| https://trac.xiph.org/ticket/853 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26865 | 2017-09-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=249780 | 2007-10-11 |
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200710-03.xml | 2017-09-29 | |
| http://www.debian.org/security/2008/dsa-1471 | 2017-09-29 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:194 | 2017-09-29 | |
| http://www.novell.com/linux/security/advisories/2007_23_sr.html | 2017-09-29 | |
| http://www.redhat.com/support/errata/RHSA-2007-0845.html | 2017-09-29 | |
| http://www.redhat.com/support/errata/RHSA-2007-0912.html | 2017-09-29 | |
| https://access.redhat.com/security/cve/CVE-2007-4066 | 2007-10-11 |