CVE-2007-4029

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4029
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/24923
http://secunia.com/advisories/26087
http://secunia.com/advisories/26232
http://secunia.com/advisories/26299
http://secunia.com/advisories/26429
http://secunia.com/advisories/26535
http://secunia.com/advisories/26865
http://secunia.com/advisories/27099
http://secunia.com/advisories/27439
http://secunia.com/advisories/28614
http://security.gentoo.org/glsa/glsa-200710-03.xml
http://securitytracker.com/id?1018712
http://www.debian.org/security/2008/dsa-1471
http://www.isecpartners.com/advisories/2007-003-libvorbis.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0845.html
http://www.redhat.com/support/errata/RHSA-2007-0912.html
http://www.securityfocus.com/archive/1/474729/100/0/threaded
http://www.securityfocus.com/bid/25082
http://www.tellini.org/blog/archives/32-Music-Box-1.6.html
http://www.ubuntu.com/usn/usn-498-1
http://www.vupen.com/english/advisories/2007/2698
http://www.vupen.com/english/advisories/2007/2760
https://bugzilla.redhat.com/show_bug.cgi?id=249780
https://exchange.xforce.ibmcloud.com/vulnerabilities/35623
https://exchange.xforce.ibmcloud.com/vulnerabilities/35624
https://issues.rpath.com/browse/RPL-1590
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570
http://secunia.com/advisories/24923
http://secunia.com/advisories/26087
http://secunia.com/advisories/26232
http://secunia.com/advisories/26299
http://secunia.com/advisories/26429
http://secunia.com/advisories/26535
http://secunia.com/advisories/26865
http://secunia.com/advisories/27099
http://secunia.com/advisories/27439
http://secunia.com/advisories/28614
http://security.gentoo.org/glsa/glsa-200710-03.xml
http://securitytracker.com/id?1018712
http://www.debian.org/security/2008/dsa-1471
http://www.isecpartners.com/advisories/2007-003-libvorbis.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0845.html
http://www.redhat.com/support/errata/RHSA-2007-0912.html
http://www.securityfocus.com/archive/1/474729/100/0/threaded
http://www.securityfocus.com/bid/25082
http://www.tellini.org/blog/archives/32-Music-Box-1.6.html
http://www.ubuntu.com/usn/usn-498-1
http://www.vupen.com/english/advisories/2007/2698
http://www.vupen.com/english/advisories/2007/2760
https://bugzilla.redhat.com/show_bug.cgi?id=249780
https://exchange.xforce.ibmcloud.com/vulnerabilities/35623
https://exchange.xforce.ibmcloud.com/vulnerabilities/35624
https://issues.rpath.com/browse/RPL-1590
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1.0.3:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1.0.4:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1.0.5:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libvorbis:libvorbis:1.1.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:34

Type Values Removed Values Added
References () http://secunia.com/advisories/24923 - () http://secunia.com/advisories/24923 -
References () http://secunia.com/advisories/26087 - () http://secunia.com/advisories/26087 -
References () http://secunia.com/advisories/26232 - () http://secunia.com/advisories/26232 -
References () http://secunia.com/advisories/26299 - () http://secunia.com/advisories/26299 -
References () http://secunia.com/advisories/26429 - () http://secunia.com/advisories/26429 -
References () http://secunia.com/advisories/26535 - () http://secunia.com/advisories/26535 -
References () http://secunia.com/advisories/26865 - () http://secunia.com/advisories/26865 -
References () http://secunia.com/advisories/27099 - () http://secunia.com/advisories/27099 -
References () http://secunia.com/advisories/27439 - () http://secunia.com/advisories/27439 -
References () http://secunia.com/advisories/28614 - () http://secunia.com/advisories/28614 -
References () http://security.gentoo.org/glsa/glsa-200710-03.xml - () http://security.gentoo.org/glsa/glsa-200710-03.xml -
References () http://securitytracker.com/id?1018712 - () http://securitytracker.com/id?1018712 -
References () http://www.debian.org/security/2008/dsa-1471 - () http://www.debian.org/security/2008/dsa-1471 -
References () http://www.isecpartners.com/advisories/2007-003-libvorbis.txt - () http://www.isecpartners.com/advisories/2007-003-libvorbis.txt -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1 -
References () http://www.novell.com/linux/security/advisories/2007_23_sr.html - () http://www.novell.com/linux/security/advisories/2007_23_sr.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0845.html - () http://www.redhat.com/support/errata/RHSA-2007-0845.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0912.html - () http://www.redhat.com/support/errata/RHSA-2007-0912.html -
References () http://www.securityfocus.com/archive/1/474729/100/0/threaded - () http://www.securityfocus.com/archive/1/474729/100/0/threaded -
References () http://www.securityfocus.com/bid/25082 - () http://www.securityfocus.com/bid/25082 -
References () http://www.tellini.org/blog/archives/32-Music-Box-1.6.html - () http://www.tellini.org/blog/archives/32-Music-Box-1.6.html -
References () http://www.ubuntu.com/usn/usn-498-1 - () http://www.ubuntu.com/usn/usn-498-1 -
References () http://www.vupen.com/english/advisories/2007/2698 - () http://www.vupen.com/english/advisories/2007/2698 -
References () http://www.vupen.com/english/advisories/2007/2760 - () http://www.vupen.com/english/advisories/2007/2760 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=249780 - () https://bugzilla.redhat.com/show_bug.cgi?id=249780 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/35623 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/35623 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/35624 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/35624 -
References () https://issues.rpath.com/browse/RPL-1590 - () https://issues.rpath.com/browse/RPL-1590 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570 -
Information

Published : 2007-07-26 22:30

Updated : 2024-11-21 00:34

NVD link : CVE-2007-4029

Mitre link : CVE-2007-4029

CVE.ORG link : CVE-2007-4029

JSON object : View

Products Affected

rpath

  • rpath_linux

libvorbis

  • libvorbis
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024