Vulnerability CVE-2007-3106

Vulnerability Name:

CVE-2007-3106 (CCN-35622)

Assigned:

2007-07-26

Published:

2007-07-26

Updated:

2023-02-13

Summary:

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c.
Note: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Thu Jul 26 2007 - 12:18:33 CDT
libvorbis 1.1.2 - Multiple memory corruption flaws

Source: MITRE
Type: CNA
CVE-2007-3106

Source: CCN
Type: RHSA-2007-0845
Important: libvorbis security update

Source: CCN
Type: RHSA-2007-0912
Important: libvorbis security update

Source: CCN
Type: SA26232
libvorbis Multiple Vulnerabilities

Source: CCN
Type: SA26299
Music Box libvorbis Multiple Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2007-393
Libvorbis security update (RHSA-2007-0845)

Source: CCN
Type: ASA-2007-479
libvorbis security update (RHSA-2007-0912)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-1471
libvorbis -- several vulnerabilities

Source: CCN
Type: GLSA-200710-03
libvorbis: Multiple vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-25082
Libvorbis Denial Of Service And Memory Corruption Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Tellini Blog, Tuesday, July 31. 2007
Music Box 1.6 - libvorbis update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: T Software Web site
Music Box

Source: CCN
Type: USN-498-1
libvorbis vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: libvorbis Web site
Xiph.org

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
libvorbis-inverse-code-execution(35622)

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20073106	V	CVE-2007-3106	2022-06-30
oval:org.opensuse.security:def:42387	P	Security update for libslirp (Important)	2022-05-18
oval:org.opensuse.security:def:42180	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:112908	P	libvorbis-devel-1.3.7-1.6 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31326	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31706	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:32223	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:26160	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:31293	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:31694	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:31695	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:32201	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:106367	P	libvorbis-devel-1.3.7-1.6 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:26125	P	Security update for grilo (Important)	2021-09-09
oval:org.opensuse.security:def:26119	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:26107	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:32162	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:31665	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:31241	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:26099	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:31240	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:32148	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:32944	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:42635	P	libvorbis-1.2.0-79.20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32113	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:36228	P	libvorbis-1.2.0-79.20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36500	P	libvorbis-devel-1.2.0-79.20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26062	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:26055	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:26050	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:26049	P	Security update for lz4 (Important)	2021-05-14
oval:org.opensuse.security:def:26041	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:31161	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32905	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:31607	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:32060	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:32061	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:26209	P	Security update for apache2 (Moderate)	2021-03-12
oval:org.opensuse.security:def:31741	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:26203	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:32267	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:31252	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:31685	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:26061	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:25981	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:32016	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:31087	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35773	P	libvorbis-1.2.0-79.13.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42014	P	libvorbis-1.2.0-79.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35980	P	libvorbis-1.2.0-79.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35607	P	libvorbis-1.2.0-79.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31076	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25608	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32057	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26509	P	Security update for cacti, cacti-spine (Moderate)	2020-12-01
oval:org.opensuse.security:def:33191	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31447	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25735	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31829	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26772	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25158	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25749	P	Security update for pidgin (Moderate)	2020-12-01
oval:org.opensuse.security:def:27191	P	libjasper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31459	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:25837	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:31895	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:25170	P	Security update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:31385	P	Security update for openvpn-openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:25531	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:26626	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32572	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25362	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:31529	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:26248	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25606	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:31814	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:26728	P	kernel-default on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26572	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25500	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:31906	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:26306	P	Security update for python-Jinja2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25815	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32304	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:26781	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26253	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31994	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26979	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25323	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:25956	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32409	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:27463	P	libmysql55client_r18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26391	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25335	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:31550	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:26407	P	Security update for libmad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32470	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25778	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31912	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32737	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31075	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25527	P	Security update for java-11-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31901	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26495	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:33152	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25853	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31790	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26737	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25665	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:26553	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31448	P	Security update for postgresql-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:25788	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:31851	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25159	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:27226	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25530	P	Security update for virglrenderer (Important)	2020-12-01
oval:org.opensuse.security:def:31533	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:32533	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25234	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:31442	P	Security update for policycoreutils (Low)	2020-12-01
oval:org.opensuse.security:def:25542	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31757	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:26679	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25934	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25443	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31850	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:26262	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25734	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26767	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26607	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25584	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:26944	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25872	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32360	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:26825	P	sysconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26334	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25953	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25324	P	Security update for bcm43xx-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:31458	P	Security update for postgresql91 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26354	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32448	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27498	P	libvorbis-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25777	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31780	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26475	P	Recommended update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:32698	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25399	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:26456	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:32514	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25789	P	Security update for flash-player (Critical)	2020-12-01
oval:org.mitre.oval:def:18690	P	DSA-1471-1 libvorbis - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:8019	P	DSA-1471 libvorbis -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22328	P	ELSA-2007:0845: libvorbis security update (Important)	2014-05-26
oval:org.mitre.oval:def:11449	V	lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.	2013-04-29
oval:com.redhat.rhsa:def:20070845	P	RHSA-2007:0845: libvorbis security update (Important)	2008-03-20
oval:org.debian:def:1471	V	several vulnerabilities	2008-01-21

BACK