csaf_redhat - rhsa-2007

rhsa-2007_0912

Vulnerability from csaf_redhat

Published

2007-10-11 18:23

Modified

2024-11-22 01:21

Summary

Red Hat Security Advisory: libvorbis security update

Notes

Topic

Updated libvorbis packages to correct several security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

The libvorbis package contains runtime libraries for use in programs that support Ogg Voribs. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Several flaws were found in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash or execute arbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066) Users of libvorbis are advised to upgrade to this updated package, which contains backported patches that resolve these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated libvorbis packages to correct several security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libvorbis package contains runtime libraries for use in programs that\nsupport Ogg Voribs. Ogg Vorbis is a fully open, non-proprietary, patent-and\nroyalty-free, general-purpose compressed audio format.\n\nSeveral flaws were found in the way libvorbis processed audio data. An\nattacker could create a carefully crafted OGG audio file in such a way that\nit could cause an application linked with libvorbis to crash or execute\narbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029,\nCVE-2007-4065, CVE-2007-4066)\n\nUsers of libvorbis are advised to upgrade to this updated package, which\ncontains backported patches that resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0912",
        "url": "https://access.redhat.com/errata/RHSA-2007:0912"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "245991",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245991"
      },
      {
        "category": "external",
        "summary": "249780",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0912.json"
      }
    ],
    "title": "Red Hat Security Advisory: libvorbis security update",
    "tracking": {
      "current_release_date": "2024-11-22T01:21:56+00:00",
      "generator": {
        "date": "2024-11-22T01:21:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0912",
      "initial_release_date": "2007-10-11T18:23:00+00:00",
      "revision_history": [
        {
          "date": "2007-10-11T18:23:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-10-11T14:24:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T01:21:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "2.1AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "2.1AW",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "2.1ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "2.1WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvorbis-0:1.0rc2-7.el2.ia64",
                "product": {
                  "name": "libvorbis-0:1.0rc2-7.el2.ia64",
                  "product_id": "libvorbis-0:1.0rc2-7.el2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis@1.0rc2-7.el2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
                "product": {
                  "name": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
                  "product_id": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis-devel@1.0rc2-7.el2?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvorbis-0:1.0rc2-7.el2.src",
                "product": {
                  "name": "libvorbis-0:1.0rc2-7.el2.src",
                  "product_id": "libvorbis-0:1.0rc2-7.el2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis@1.0rc2-7.el2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvorbis-0:1.0rc2-7.el2.i386",
                "product": {
                  "name": "libvorbis-0:1.0rc2-7.el2.i386",
                  "product_id": "libvorbis-0:1.0rc2-7.el2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis@1.0rc2-7.el2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvorbis-devel-0:1.0rc2-7.el2.i386",
                "product": {
                  "name": "libvorbis-devel-0:1.0rc2-7.el2.i386",
                  "product_id": "libvorbis-devel-0:1.0rc2-7.el2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvorbis-devel@1.0rc2-7.el2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.src as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-0:1.0rc2-7.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.src",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.src as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-0:1.0rc2-7.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.src",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.src as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-0:1.0rc2-7.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.src",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-0:1.0rc2-7.el2.src as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-0:1.0rc2-7.el2.src"
        },
        "product_reference": "libvorbis-0:1.0rc2-7.el2.src",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvorbis-devel-0:1.0rc2-7.el2.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        },
        "product_reference": "libvorbis-devel-0:1.0rc2-7.el2.ia64",
        "relates_to_product_reference": "2.1WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-3106",
      "discovery_date": "2007-06-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245991"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a \"heap overwrite\" in the _01inverse function in res0.c.  NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libvorbis array boundary condition",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3106"
        },
        {
          "category": "external",
          "summary": "RHBZ#245991",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245991"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3106"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3106",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3106"
        }
      ],
      "release_date": "2007-07-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-11T18:23:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0912"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libvorbis array boundary condition"
    },
    {
      "cve": "CVE-2007-4029",
      "discovery_date": "2007-07-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "249780"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4029"
        },
        {
          "category": "external",
          "summary": "RHBZ#249780",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4029"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4029",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4029"
        }
      ],
      "release_date": "2007-07-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-11T18:23:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0912"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)"
    },
    {
      "cve": "CVE-2007-4065",
      "discovery_date": "2007-07-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "249780"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4065"
        },
        {
          "category": "external",
          "summary": "RHBZ#249780",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4065"
        }
      ],
      "release_date": "2007-07-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-11T18:23:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0912"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)"
    },
    {
      "cve": "CVE-2007-4066",
      "discovery_date": "2007-07-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "249780"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
          "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
          "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4066"
        },
        {
          "category": "external",
          "summary": "RHBZ#249780",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4066"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4066",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4066"
        }
      ],
      "release_date": "2007-07-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-11T18:23:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AS:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1AW:libvorbis-0:1.0rc2-7.el2.src",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1AW:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1ES:libvorbis-0:1.0rc2-7.el2.src",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1ES:libvorbis-devel-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.ia64",
            "2.1WS:libvorbis-0:1.0rc2-7.el2.src",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.i386",
            "2.1WS:libvorbis-devel-0:1.0rc2-7.el2.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0912"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)"
    }
  ]
}

cve-2007-4029

Vulnerability from cvelistv5

Published

2007-07-26 22:00

Modified

2024-08-07 14:37

Severity ?

Summary

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

References

▼	URL	Tags
	http://www.isecpartners.com/advisories/2007-003-libvorbis.txt	x_refsource_MISC
	https://issues.rpath.com/browse/RPL-1590	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-498-1	vendor-advisory, x_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2007/2760	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35624	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/26299	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=249780	x_refsource_CONFIRM
	http://secunia.com/advisories/28614	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1471	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/26429	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0912.html	vendor-advisory, x_refsource_REDHAT
	http://security.gentoo.org/glsa/glsa-200710-03.xml	vendor-advisory, x_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570	vdb-entry, signature, x_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35623	vdb-entry, x_refsource_XF
	http://securitytracker.com/id?1018712	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/26087	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/25082	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/474729/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.tellini.org/blog/archives/32-Music-Box-1.6.html	x_refsource_CONFIRM
	http://secunia.com/advisories/24923	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26535	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27439	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2698	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27099	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26232	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/26865	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_23_sr.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2007-0845.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:06.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1590"
          },
          {
            "name": "USN-498-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-498-1"
          },
          {
            "name": "ADV-2007-2760",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2760"
          },
          {
            "name": "libvorbis-blocksize-code-execution(35624)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35624"
          },
          {
            "name": "26299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26299"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
          },
          {
            "name": "28614",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28614"
          },
          {
            "name": "DSA-1471",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1471"
          },
          {
            "name": "26429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26429"
          },
          {
            "name": "RHSA-2007:0912",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
          },
          {
            "name": "GLSA-200710-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:10570",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570"
          },
          {
            "name": "libvorbis-infoclear-code-execution(35623)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35623"
          },
          {
            "name": "1018712",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018712"
          },
          {
            "name": "26087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26087"
          },
          {
            "name": "25082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25082"
          },
          {
            "name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
          },
          {
            "name": "24923",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24923"
          },
          {
            "name": "26535",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26535"
          },
          {
            "name": "27439",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27439"
          },
          {
            "name": "ADV-2007-2698",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2698"
          },
          {
            "name": "27099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27099"
          },
          {
            "name": "26232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26232"
          },
          {
            "name": "MDKSA-2007:167-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
          },
          {
            "name": "26865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26865"
          },
          {
            "name": "SUSE-SR:2007:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
          },
          {
            "name": "RHSA-2007:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1590"
        },
        {
          "name": "USN-498-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-498-1"
        },
        {
          "name": "ADV-2007-2760",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2760"
        },
        {
          "name": "libvorbis-blocksize-code-execution(35624)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35624"
        },
        {
          "name": "26299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26299"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "name": "28614",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28614"
        },
        {
          "name": "DSA-1471",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1471"
        },
        {
          "name": "26429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26429"
        },
        {
          "name": "RHSA-2007:0912",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
        },
        {
          "name": "GLSA-200710-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:10570",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570"
        },
        {
          "name": "libvorbis-infoclear-code-execution(35623)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35623"
        },
        {
          "name": "1018712",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018712"
        },
        {
          "name": "26087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26087"
        },
        {
          "name": "25082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25082"
        },
        {
          "name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
        },
        {
          "name": "24923",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24923"
        },
        {
          "name": "26535",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26535"
        },
        {
          "name": "27439",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27439"
        },
        {
          "name": "ADV-2007-2698",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2698"
        },
        {
          "name": "27099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27099"
        },
        {
          "name": "26232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26232"
        },
        {
          "name": "MDKSA-2007:167-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
        },
        {
          "name": "26865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26865"
        },
        {
          "name": "SUSE-SR:2007:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
        },
        {
          "name": "RHSA-2007:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-4029",
    "datePublished": "2007-07-26T22:00:00",
    "dateReserved": "2007-07-26T00:00:00",
    "dateUpdated": "2024-08-07T14:37:06.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3106

Vulnerability from cvelistv5

Published

2007-07-26 21:00

Modified

2024-08-07 14:05

Severity ?

Summary

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

References

▼	URL	Tags
	http://www.isecpartners.com/advisories/2007-003-libvorbis.txt	x_refsource_MISC
	https://issues.rpath.com/browse/RPL-1590	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-498-1	vendor-advisory, x_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2007/2760	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/26299	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=249780	x_refsource_CONFIRM
	http://secunia.com/advisories/28614	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449	vdb-entry, signature, x_refsource_OVAL
	http://www.debian.org/security/2008/dsa-1471	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/26429	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=245991	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0912.html	vendor-advisory, x_refsource_REDHAT
	http://security.gentoo.org/glsa/glsa-200710-03.xml	vendor-advisory, x_refsource_GENTOO
	https://trac.xiph.org/changeset/13160	x_refsource_CONFIRM
	http://secunia.com/advisories/26087	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/25082	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/474729/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.tellini.org/blog/archives/32-Music-Box-1.6.html	x_refsource_CONFIRM
	http://secunia.com/advisories/24923	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26535	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35622	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2007/2698	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27099	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26232	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/26865	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0845.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:29.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1590"
          },
          {
            "name": "USN-498-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-498-1"
          },
          {
            "name": "ADV-2007-2760",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2760"
          },
          {
            "name": "26299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26299"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
          },
          {
            "name": "28614",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28614"
          },
          {
            "name": "oval:org.mitre.oval:def:11449",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449"
          },
          {
            "name": "DSA-1471",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1471"
          },
          {
            "name": "26429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245991"
          },
          {
            "name": "RHSA-2007:0912",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
          },
          {
            "name": "GLSA-200710-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13160"
          },
          {
            "name": "26087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26087"
          },
          {
            "name": "25082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25082"
          },
          {
            "name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
          },
          {
            "name": "24923",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24923"
          },
          {
            "name": "26535",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26535"
          },
          {
            "name": "libvorbis-inverse-code-execution(35622)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35622"
          },
          {
            "name": "ADV-2007-2698",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2698"
          },
          {
            "name": "27099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27099"
          },
          {
            "name": "26232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26232"
          },
          {
            "name": "MDKSA-2007:167-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
          },
          {
            "name": "26865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26865"
          },
          {
            "name": "RHSA-2007:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a \"heap overwrite\" in the _01inverse function in res0.c.  NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1590"
        },
        {
          "name": "USN-498-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-498-1"
        },
        {
          "name": "ADV-2007-2760",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2760"
        },
        {
          "name": "26299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26299"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "name": "28614",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28614"
        },
        {
          "name": "oval:org.mitre.oval:def:11449",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449"
        },
        {
          "name": "DSA-1471",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1471"
        },
        {
          "name": "26429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245991"
        },
        {
          "name": "RHSA-2007:0912",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
        },
        {
          "name": "GLSA-200710-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://trac.xiph.org/changeset/13160"
        },
        {
          "name": "26087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26087"
        },
        {
          "name": "25082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25082"
        },
        {
          "name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html"
        },
        {
          "name": "24923",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24923"
        },
        {
          "name": "26535",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26535"
        },
        {
          "name": "libvorbis-inverse-code-execution(35622)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35622"
        },
        {
          "name": "ADV-2007-2698",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2698"
        },
        {
          "name": "27099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27099"
        },
        {
          "name": "26232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26232"
        },
        {
          "name": "MDKSA-2007:167-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1"
        },
        {
          "name": "26865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26865"
        },
        {
          "name": "RHSA-2007:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3106",
    "datePublished": "2007-07-26T21:00:00",
    "dateReserved": "2007-06-07T00:00:00",
    "dateUpdated": "2024-08-07T14:05:29.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4065

Vulnerability from cvelistv5

Published

2007-09-21 18:00

Modified

2024-08-07 14:37

Severity ?

Summary

lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=249780	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0912.html	vendor-advisory, x_refsource_REDHAT
	http://security.gentoo.org/glsa/glsa-200710-03.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/27170	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1018712	vdb-entry, x_refsource_SECTRACK
	http://svn.xiph.org/trunk/vorbis/CHANGES	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:194	vendor-advisory, x_refsource_MANDRIVA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9173	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/24923	third-party-advisory, x_refsource_SECUNIA
	https://trac.xiph.org/changeset/13217	x_refsource_MISC
	http://secunia.com/advisories/27439	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27099	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26865	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_23_sr.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2007-0845.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:06.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
          },
          {
            "name": "RHSA-2007:0912",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
          },
          {
            "name": "GLSA-200710-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
          },
          {
            "name": "27170",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27170"
          },
          {
            "name": "1018712",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018712"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
          },
          {
            "name": "MDKSA-2007:194",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
          },
          {
            "name": "oval:org.mitre.oval:def:9173",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9173"
          },
          {
            "name": "24923",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13217"
          },
          {
            "name": "27439",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27439"
          },
          {
            "name": "27099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27099"
          },
          {
            "name": "26865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26865"
          },
          {
            "name": "SUSE-SR:2007:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
          },
          {
            "name": "RHSA-2007:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "name": "RHSA-2007:0912",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
        },
        {
          "name": "GLSA-200710-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
        },
        {
          "name": "27170",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27170"
        },
        {
          "name": "1018712",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018712"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
        },
        {
          "name": "MDKSA-2007:194",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
        },
        {
          "name": "oval:org.mitre.oval:def:9173",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9173"
        },
        {
          "name": "24923",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13217"
        },
        {
          "name": "27439",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27439"
        },
        {
          "name": "27099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27099"
        },
        {
          "name": "26865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26865"
        },
        {
          "name": "SUSE-SR:2007:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
        },
        {
          "name": "RHSA-2007:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-4065",
    "datePublished": "2007-09-21T18:00:00",
    "dateReserved": "2007-07-30T00:00:00",
    "dateUpdated": "2024-08-07T14:37:06.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4066

Vulnerability from cvelistv5

Published

2007-09-21 18:00

Modified

2024-08-07 14:37

Severity ?

Summary

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

References

▼	URL	Tags
	https://trac.xiph.org/changeset/13168	x_refsource_CONFIRM
	https://trac.xiph.org/changeset/13172	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=249780	x_refsource_CONFIRM
	http://secunia.com/advisories/28614	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1471	vendor-advisory, x_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2007-0912.html	vendor-advisory, x_refsource_REDHAT
	http://security.gentoo.org/glsa/glsa-200710-03.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/27170	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1018712	vdb-entry, x_refsource_SECTRACK
	https://trac.xiph.org/changeset/13170	x_refsource_MISC
	http://svn.xiph.org/trunk/vorbis/CHANGES	x_refsource_MISC
	https://trac.xiph.org/changeset/13211	x_refsource_MISC
	https://trac.xiph.org/changeset/13169	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:194	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/24923	third-party-advisory, x_refsource_SECUNIA
	https://trac.xiph.org/ticket/853	x_refsource_MISC
	http://secunia.com/advisories/27439	third-party-advisory, x_refsource_SECUNIA
	https://trac.xiph.org/changeset/13162	x_refsource_MISC
	https://trac.xiph.org/ticket/300	x_refsource_CONFIRM
	http://secunia.com/advisories/27099	third-party-advisory, x_refsource_SECUNIA
	https://trac.xiph.org/changeset/13215	x_refsource_MISC
	http://secunia.com/advisories/26865	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_23_sr.html	vendor-advisory, x_refsource_SUSE
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2007-0845.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:06.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
          },
          {
            "name": "28614",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28614"
          },
          {
            "name": "DSA-1471",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1471"
          },
          {
            "name": "RHSA-2007:0912",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
          },
          {
            "name": "GLSA-200710-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
          },
          {
            "name": "27170",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27170"
          },
          {
            "name": "1018712",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018712"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13170"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13211"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13169"
          },
          {
            "name": "MDKSA-2007:194",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
          },
          {
            "name": "24923",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/ticket/853"
          },
          {
            "name": "27439",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27439"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13162"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/ticket/300"
          },
          {
            "name": "27099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27099"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.xiph.org/changeset/13215"
          },
          {
            "name": "26865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26865"
          },
          {
            "name": "SUSE-SR:2007:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11453",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453"
          },
          {
            "name": "RHSA-2007:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://trac.xiph.org/changeset/13168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780"
        },
        {
          "name": "28614",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28614"
        },
        {
          "name": "DSA-1471",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1471"
        },
        {
          "name": "RHSA-2007:0912",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html"
        },
        {
          "name": "GLSA-200710-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml"
        },
        {
          "name": "27170",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27170"
        },
        {
          "name": "1018712",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018712"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13170"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://svn.xiph.org/trunk/vorbis/CHANGES"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13211"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13169"
        },
        {
          "name": "MDKSA-2007:194",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194"
        },
        {
          "name": "24923",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/ticket/853"
        },
        {
          "name": "27439",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27439"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13162"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://trac.xiph.org/ticket/300"
        },
        {
          "name": "27099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27099"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.xiph.org/changeset/13215"
        },
        {
          "name": "26865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26865"
        },
        {
          "name": "SUSE-SR:2007:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11453",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453"
        },
        {
          "name": "RHSA-2007:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-4066",
    "datePublished": "2007-09-21T18:00:00",
    "dateReserved": "2007-07-30T00:00:00",
    "dateUpdated": "2024-08-07T14:37:06.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2007_0912

Vulnerability from csaf_redhat

cve-2007-4029

Vulnerability from cvelistv5

cve-2007-3106

Vulnerability from cvelistv5

cve-2007-4065

Vulnerability from cvelistv5

cve-2007-4066

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature