VDB
CVE-2007-3106
CVE-2007-3106
PUBLISHED
Reported by redhat · Published July 26, 2007
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Timeline
- Jul 26, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- x_refsource_MISC
- x_refsource_CONFIRM
- USN-498-1 vendor-advisoryx_refsource_UBUNTU
- ADV-2007-2760 vdb-entryx_refsource_VUPEN
- 26299 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- 28614 third-party-advisoryx_refsource_SECUNIA
- oval:org.mitre.oval:def:11449 vdb-entrysignaturex_refsource_OVAL
- DSA-1471 vendor-advisoryx_refsource_DEBIAN
- 26429 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- RHSA-2007:0912 vendor-advisoryx_refsource_REDHAT
- GLSA-200710-03 vendor-advisoryx_refsource_GENTOO
- x_refsource_CONFIRM
- 26087 third-party-advisoryx_refsource_SECUNIA
- 25082 vdb-entryx_refsource_BID
- 20070726 libvorbis 1.1.2 - Multiple memory corruption flaws mailing-listx_refsource_BUGTRAQ
- x_refsource_CONFIRM
- 24923 third-party-advisoryx_refsource_SECUNIA
- 26535 third-party-advisoryx_refsource_SECUNIA
…and 7 more