Required CVE Record Information
Description
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
References 29 Total
- http://www.isecpartners.com/advisories/2007-003-libvorbis.txt
- https://issues.rpath.com/browse/RPL-1590
- ubuntu.com: USN-498-1 vendor-advisory
- vupen.com: ADV-2007-2760 vdb-entry
- exchange.xforce.ibmcloud.com: libvorbis-blocksize-code-execution(35624) vdb-entry
- secunia.com: 26299 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=249780
- secunia.com: 28614 third-party-advisory
- debian.org: DSA-1471 vendor-advisory
- secunia.com: 26429 third-party-advisory
- redhat.com: RHSA-2007:0912 vendor-advisory
- security.gentoo.org: GLSA-200710-03 vendor-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:10570 vdb-entrysignature
- exchange.xforce.ibmcloud.com: libvorbis-infoclear-code-execution(35623) vdb-entry
- securitytracker.com: 1018712 vdb-entry
- secunia.com: 26087 third-party-advisory
- securityfocus.com: 25082 vdb-entry
- securityfocus.com: 20070726 libvorbis 1.1.2 - Multiple memory corruption flaws mailing-list
- http://www.tellini.org/blog/archives/32-Music-Box-1.6.html
- secunia.com: 24923 third-party-advisory
- secunia.com: 26535 third-party-advisory
- secunia.com: 27439 third-party-advisory
- vupen.com: ADV-2007-2698 vdb-entry
- secunia.com: 27099 third-party-advisory
- secunia.com: 26232 third-party-advisory
- mandriva.com: MDKSA-2007:167-1 vendor-advisory
- secunia.com: 26865 third-party-advisory
- novell.com: SUSE-SR:2007:023 vendor-advisory
- redhat.com: RHSA-2007:0845 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 29 Total
- http://www.isecpartners.com/advisories/2007-003-libvorbis.txt x_transferred
- https://issues.rpath.com/browse/RPL-1590 x_transferred
- ubuntu.com: USN-498-1 vendor-advisoryx_transferred
- vupen.com: ADV-2007-2760 vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: libvorbis-blocksize-code-execution(35624) vdb-entryx_transferred
- secunia.com: 26299 third-party-advisoryx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=249780 x_transferred
- secunia.com: 28614 third-party-advisoryx_transferred
- debian.org: DSA-1471 vendor-advisoryx_transferred
- secunia.com: 26429 third-party-advisoryx_transferred
- redhat.com: RHSA-2007:0912 vendor-advisoryx_transferred
- security.gentoo.org: GLSA-200710-03 vendor-advisoryx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:10570 vdb-entrysignaturex_transferred
- exchange.xforce.ibmcloud.com: libvorbis-infoclear-code-execution(35623) vdb-entryx_transferred
- securitytracker.com: 1018712 vdb-entryx_transferred
- secunia.com: 26087 third-party-advisoryx_transferred
- securityfocus.com: 25082 vdb-entryx_transferred
- securityfocus.com: 20070726 libvorbis 1.1.2 - Multiple memory corruption flaws mailing-listx_transferred
- http://www.tellini.org/blog/archives/32-Music-Box-1.6.html x_transferred
- secunia.com: 24923 third-party-advisoryx_transferred
- secunia.com: 26535 third-party-advisoryx_transferred
- secunia.com: 27439 third-party-advisoryx_transferred
- vupen.com: ADV-2007-2698 vdb-entryx_transferred
- secunia.com: 27099 third-party-advisoryx_transferred
- secunia.com: 26232 third-party-advisoryx_transferred
- mandriva.com: MDKSA-2007:167-1 vendor-advisoryx_transferred
- secunia.com: 26865 third-party-advisoryx_transferred
- novell.com: SUSE-SR:2007:023 vendor-advisoryx_transferred
- redhat.com: RHSA-2007:0845 vendor-advisoryx_transferred