PT-2007-1102 · Xiph.Org+1 · Libvorbis+1

Published

2007-09-19

·

Updated

2017-09-29

·

CVE-2007-4066

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.2.0
Description: The issue involves multiple buffer overflows in libvorbis, which can be exploited by context-dependent attackers through crafted OGG files. This could lead to a denial of service or have other unspecified impacts. The exploitation can be remote.
Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of libvorbis until a patch is applied. Avoid using libvorbis to process untrusted OGG files until the issue is resolved.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-119

Related Identifiers

BDU:2015-09582
CVE-2007-4066
DSA-1471-1
RHSA-2007:0845
RHSA-2007:0912
RHSA-2007_0845

Affected Products

Red Hat
Libvorbis