Vulnerability Name: | CVE-2007-4066 (CCN-36761)
Assigned: | 2007-07-26
Published: | 2007-07-26
Updated: | 2017-09-29
Summary: | Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-119
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2007-4066
Source: CCN Type: RHSA-2007-0845 Important: libvorbis security update
Source: CCN Type: RHSA-2007-0912 Important: libvorbis security update
Source: SECUNIA Type: UNKNOWN 24923
Source: SECUNIA Type: Patch, Vendor Advisory 26865
Source: SECUNIA Type: UNKNOWN 27099
Source: SECUNIA Type: UNKNOWN 27170
Source: SECUNIA Type: UNKNOWN 27439
Source: SECUNIA Type: UNKNOWN 28614
Source: GENTOO Type: UNKNOWN GLSA-200710-03
Source: CCN Type: SECTRACK ID: 1018712 libvorbis Bugs Let Remote Users Deny Service or Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1018712
Source: CCN Type: ASA-2007-393 Libvorbis security update (RHSA-2007-0845)
Source: CCN Type: ASA-2007-479 libvorbis security update (RHSA-2007-0912)
Source: MISC Type: UNKNOWN http://svn.xiph.org/trunk/vorbis/CHANGES
Source: DEBIAN Type: UNKNOWN DSA-1471
Source: DEBIAN Type: DSA-1471 libvorbis -- several vulnerabilities
Source: CCN Type: GLSA-200710-03 libvorbis: Multiple vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDKSA-2007:194
Source: SUSE Type: UNKNOWN SUSE-SR:2007:023
Source: REDHAT Type: UNKNOWN RHSA-2007:0845
Source: REDHAT Type: UNKNOWN RHSA-2007:0912
Source: CCN Type: libvorbis Web site Xiph.org
Source: CONFIRM Type: Patch https://bugzilla.redhat.com/show_bug.cgi?id=249780
Source: XF Type: UNKNOWN libvorbis-ogg-file-bo(36761)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11453
Source: MISC Type: UNKNOWN https://trac.xiph.org/changeset/13162
Source: CONFIRM Type: UNKNOWN https://trac.xiph.org/changeset/13168
Source: MISC Type: UNKNOWN https://trac.xiph.org/changeset/13169
Source: MISC Type: UNKNOWN https://trac.xiph.org/changeset/13170
Source: MISC Type: UNKNOWN https://trac.xiph.org/changeset/13172
Source: MISC Type: UNKNOWN https://trac.xiph.org/changeset/13211
Source: MISC Type: UNKNOWN https://trac.xiph.org/changeset/13215
Source: CONFIRM Type: UNKNOWN https://trac.xiph.org/ticket/300
Source: MISC Type: UNKNOWN https://trac.xiph.org/ticket/853
Source: SUSE Type: SUSE-SR:2007:023 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Denotes that component is vulnerable