CVE-2007-4029

Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.2.0

Description: The issue affects the libvorbis package in Gentoo Linux and can lead to a disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, context-dependent attackers can cause a denial of service via an invalid mapping type, which triggers an out-of-bounds read in the vorbis info clear function, or through invalid blocksize values that trigger a segmentation fault in the read function.

Recommendations: For libvorbis versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vorbis info clear function and the read function in block.c to minimize the risk of exploitation.