CVE-2007-4029

Summary

CVE	CVE-2007-4029
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-07-26 22:30:00 UTC
Updated	2018-10-15 21:32:00 UTC
Description	libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Libvorbis	Libvorbis	1.1.2	All	All	All
Application	Libvorbis	Libvorbis	1.1.2	All	All	All
Operating System	Rpath	Rpath Linux	1	All	All	All
Operating System	Rpath	Rpath Linux	1.0.1	All	All	All
Operating System	Rpath	Rpath Linux	1.0.2	All	All	All
Operating System	Rpath	Rpath Linux	1.0.3	All	All	All
Operating System	Rpath	Rpath Linux	1.0.4	All	All	All
Operating System	Rpath	Rpath Linux	1.0.5	All	All	All
Operating System	Rpath	Rpath Linux	1.0.6	All	All	All
Operating System	Rpath	Rpath Linux	1	All	All	All
Operating System	Rpath	Rpath Linux	1.0.1	All	All	All
Operating System	Rpath	Rpath Linux	1.0.2	All	All	All
Operating System	Rpath	Rpath Linux	1.0.3	All	All	All
Operating System	Rpath	Rpath Linux	1.0.4	All	All	All
Operating System	Rpath	Rpath Linux	1.0.5	All	All	All
Operating System	Rpath	Rpath Linux	1.0.6	All	All	All

References

Reference	Source	Link	Tags
Webmail \| OVH- OVH	VUPEN	www.vupen.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
www.isecpartners.com/advisories/2007-003-libvorbis.txt	MISC	www.isecpartners.com
USN-498-1: libvorbis vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
Ubuntu update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
Libvorbis Denial Of Service And Memory Corruption Vulnerabilities	BID	www.securityfocus.com
Music Box libvorbis Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com
Gentoo Linux Documentation -- libvorbis: Multiple vulnerabilities	GENTOO	security.gentoo.org
libvorbis Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com
Red Hat update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
Bug 249780 – CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)	CONFIRM	bugzilla.redhat.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
SecurityTracker.com Archives - libvorbis Bugs Let Remote Users Deny Service or Execute Arbitrary Code	SECTRACK	securitytracker.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
Red Hat update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
Debian update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
rPath update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
Gentoo update for libvorbis - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com
[#RPL-1590] libvorbis multiple vulnerabilities CVE-2007-3106 CVE-2007-4029 - rPath Issue Tracking System	CONFIRM	issues.rpath.com
Debian -- Security Information -- DSA-1471-1 libvorbis	DEBIAN	www.debian.org
Music Box 1.6 - T Software News	CONFIRM	www.tellini.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Security Announcement	SUSE	www.novell.com
Support	REDHAT	www.redhat.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.