PT-2007-1102 · Xiph.Org+1 · Libvorbis+1

Publicado

2007-09-19

Atualizado

2017-09-29

CVE-2007-4066

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.2.0

Description: The issue involves multiple buffer overflows in libvorbis, which can be exploited by context-dependent attackers through crafted OGG files. This could lead to a denial of service or have other unspecified impacts. The exploitation can be remote.

Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of libvorbis until a patch is applied. Avoid using libvorbis to process untrusted OGG files until the issue is resolved.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-119

Identificadores relacionados

BDU:2015-09582

CVE-2007-4066

DSA-1471-1

RHSA-2007:0845

RHSA-2007:0912

RHSA-2007_0845

Produtos afetados

Red Hat

Libvorbis

PT-2007-1102 · Xiph.Org+1 · Libvorbis+1

CVE-2007-4066

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35