Vulnerability Name:

CVE-2007-5301 (CCN-36996)

Assigned:2007-10-06
Published:2007-10-06
Updated:2018-10-15
Summary:Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-5301

Source: CCN
Type: SA27117
AlsaPlayer Vorbis Input Plug-in OGG Processing Buffer Overflows

Source: SECUNIA
Type: Vendor Advisory
27117

Source: SECUNIA
Type: UNKNOWN
29680

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/forum/forum.php?forum_id=742584

Source: CCN
Type: SourceForge.net: Files
AlsaPlayer - File Release Notes and Changelog - Release Name: alsaplayer-0.99.80-rc3

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=544663&group_id=249

Source: CCN
Type: AlsaPlayer Web site
AlsaPlayer

Source: DEBIAN
Type: UNKNOWN
DSA-1538

Source: DEBIAN
Type: DSA-1538
alsaplayer -- buffer overrun

Source: CCN
Type: OSVDB ID: 41643
AlsaPlayer Vorbis Input Plug-in input/vorbis/vorbis_engine.c vorbis_stream_info Function OGG File Handling Overflow

Source: BUGTRAQ
Type: UNKNOWN
20080409 [CVE-2007-5301] alsaplayer PoC - exploit

Source: BID
Type: UNKNOWN
25969

Source: CCN
Type: BID-25969
AlsaPlayer Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3393

Source: MISC
Type: UNKNOWN
http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh

Source: XF
Type: UNKNOWN
alsaplayer-vorbis-input-bo(36996)

Source: XF
Type: UNKNOWN
alsaplayer-vorbis-input-bo(36996)

Source: EXPLOIT-DB
Type: UNKNOWN
5424

Vulnerable Configuration:Configuration 1:
  • cpe:/a:alsaplayer:alsaplayer:*:*:*:*:*:*:*:* (Version <= 0.99.80-rc2)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:7792
    P
    		DSA-1538 alsaplayer -- buffer overrun
    2014-06-23
    oval:org.mitre.oval:def:20213
    P
    		DSA-1538-1 alsaplayer - arbitrary code execution
    2014-06-23
    oval:org.debian:def:1538
    V
    		buffer overrun
    2008-04-04
    BACK
    alsaplayer alsaplayer *