PT-2007-1099 · Xiph.Org+1 · Libvorbis+1

Chris Montgomery · Published 2007-07-26 · Updated 2024-06-15

CVE-2007-3106 · CVSS v2.0: 6.8 (Medium) · Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.2.0
Description: The issue affects the libvorbis package in Gentoo Linux and can lead to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. In libvorbis versions before 1.2.0, context-dependent attackers can cause a denial of service and possibly execute arbitrary code via invalid blocksize 0 and blocksize 1 values, which trigger a heap overwrite in the _01inverse function.
Recommendations: For libvorbis versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the libvorbis library until a patch is available. Avoid passing invalid blocksize 0 and blocksize 1 values to the affected functions until the issue is resolved.
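The record above concerns malformed blocksize 0 and blocksize 1 values reaching the _01inverse function. A defender-side check that fits the recommendation is to validate those two fields at the point where they enter a decoder: the Vorbis identification header, which stores both block sizes as 4-bit exponents in a single byte. The Vorbis I specification restricts each block size to a power of two between 64 and 8192 and requires blocksize_0 to be no larger than blocksize_1. The following Python is an added example written for this page, not libvorbis code and not from the advisory; the header builder and the sample packets it produces are constructed for illustration, and the names check_header, validate_blocksizes and parse_identification_header are chosen here.

```python
import struct

# Legal Vorbis I block sizes: powers of two from 2^6 to 2^13 (Vorbis I spec, 4.2.2).
VALID_BLOCKSIZES = {1 << e for e in range(6, 14)}


def make_identification_header(blocksize_0_exp: int, blocksize_1_exp: int,
                                channels: int = 2, sample_rate: int = 44100) -> bytes:
    """Build a constructed 30-byte Vorbis identification header (packet type 1).

    All multi-byte fields are little-endian. The two 4-bit blocksize exponents
    share one byte: blocksize_0 in the low nibble, blocksize_1 in the high
    nibble, because Vorbis bit packing is LSB-first. Only used to produce
    sample input for this example (constructed data, not a real stream).
    """
    bs_byte = (blocksize_0_exp & 0x0F) | ((blocksize_1_exp & 0x0F) << 4)
    return b"\x01vorbis" + struct.pack(
        "<IBIiiiBB",
        0,            # vorbis_version, must be 0
        channels,     # audio_channels
        sample_rate,  # audio_sample_rate
        0, 0, 0,      # bitrate_maximum / nominal / minimum (0 = unset)
        bs_byte,      # packed blocksize exponents
        1,            # framing flag
    )


def parse_identification_header(packet: bytes) -> dict:
    """Decode the fixed-size identification header into a dict; raise on malformed input."""
    if len(packet) < 30:
        raise ValueError("identification header too short")
    if packet[0] != 0x01 or packet[1:7] != b"vorbis":
        raise ValueError("not a Vorbis identification header")
    (version, channels, sample_rate,
     _br_max, _br_nom, _br_min, bs_byte, framing) = struct.unpack_from("<IBIiiiBB", packet, 7)
    return {
        "version": version,
        "channels": channels,
        "sample_rate": sample_rate,
        "blocksize_0": 1 << (bs_byte & 0x0F),   # low nibble is the blocksize_0 exponent
        "blocksize_1": 1 << (bs_byte >> 4),     # high nibble is the blocksize_1 exponent
        "framing_ok": bool(framing & 0x01),
    }


def validate_blocksizes(blocksize_0: int, blocksize_1: int) -> tuple:
    """Apply the spec constraints; return (accepted, reason)."""
    if blocksize_0 not in VALID_BLOCKSIZES:
        return False, f"blocksize_0={blocksize_0} is not a power of two in [64, 8192]"
    if blocksize_1 not in VALID_BLOCKSIZES:
        return False, f"blocksize_1={blocksize_1} is not a power of two in [64, 8192]"
    if blocksize_0 > blocksize_1:
        return False, f"blocksize_0={blocksize_0} exceeds blocksize_1={blocksize_1}"
    return True, "ok"


def check_header(packet: bytes) -> tuple:
    """Parse and validate an identification header; reject before any decoding happens."""
    try:
        hdr = parse_identification_header(packet)
    except ValueError as exc:
        return False, str(exc)
    if hdr["version"] != 0:
        return False, f"unsupported vorbis_version {hdr['version']}"
    if hdr["channels"] == 0 or hdr["sample_rate"] == 0:
        return False, "audio_channels and audio_sample_rate must be non-zero"
    if not hdr["framing_ok"]:
        return False, "framing bit not set"
    return validate_blocksizes(hdr["blocksize_0"], hdr["blocksize_1"])


if __name__ == "__main__":
    # Constructed sample packets: one well-formed, two with bad blocksize fields.
    samples = {
        "valid 256/2048": make_identification_header(8, 11),
        "out-of-range 1/32768": make_identification_header(0, 15),
        "reversed 2048/256": make_identification_header(11, 8),
        "truncated": b"\x01vorbis",
    }
    for name, pkt in samples.items():
        print(f"{name:24s} -> {check_header(pkt)}")
```

Running the block prints one accept line and three rejections. A decoder that applies this check before allocating any residue buffers never hands an out-of-range or reversed pair of block sizes to the inverse transform, which is the input class the advisory describes; it does not replace upgrading to 1.2.0.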

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2015-09582
CVE-2007-3106
DSA-1471-1
OPENSUSE-SU-2024:11009-1
RHSA-2007:0845
RHSA-2007:0912
RHSA-2007_0845

Affected Products

Red Hat
Libvorbis