CVE-2007-4065

Summary

CVE	CVE-2007-4065
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-09-21 19:17:00 UTC
Updated	2017-09-29 01:29:00 UTC
Description	lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Xiph.org	Libvorbis	All	All	All	All

References

Reference	Source	Link	Tags
svn.xiph.org/trunk/vorbis/CHANGES	MISC	svn.xiph.org
Gentoo Linux Documentation -- libvorbis: Multiple vulnerabilities	GENTOO	security.gentoo.org
Mandriva update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
Red Hat update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Bug 249780 – CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)	CONFIRM	bugzilla.redhat.com
SecurityTracker.com Archives - libvorbis Bugs Let Remote Users Deny Service or Execute Arbitrary Code	SECTRACK	securitytracker.com	Patch
Red Hat update for libvorbis - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
Support / Security / Advisories / / MDKSA-2007:194 \| Mandriva	MANDRIVA	www.mandriva.com
Gentoo update for libvorbis - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Security Announcement	SUSE	www.novell.com
Support	REDHAT	www.redhat.com
trac.xiph.org/changeset/13217	MISC	trac.xiph.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.