CVE-2007-3106

Related Files

Debian Linux Security Advisory 1471-1

Posted Jan 22, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1471-1 - Several vulnerabilities were found in the the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening to a malformed Ogg Audio file with an application linked against libvorbis.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, debian

advisories | CVE-2007-3106, CVE-2007-4029, CVE-2007-4066

SHA-256 | 9455ad4d2904120aeca597a63392dffd98808448e770f76c76d0d82299d81a38

Download | Favorite | View

Gentoo Linux Security Advisory 200710-3

Posted Oct 9, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-03 - David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c. libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact. Versions less than 1.2.0 are affected.

tags | advisory, denial of service, overflow, vulnerability

systems | linux, gentoo

advisories | CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066

SHA-256 | 7a907b2348ce906142b3aba0da5822b07995f88558fb4c797503d30416a2a1e2

Download | Favorite | View

Mandriva Linux Security Advisory 2007.167

Posted Aug 21, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.

tags | advisory, remote, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2007-3106, CVE-2007-4029

SHA-256 | 175eb5fa9ed870c77cbc8a2b167b2421c3a350354cb30badfca7b7f931da3266

Download | Favorite | View

Mandriva Linux Security Advisory 2007.167

Posted Aug 20, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.

tags | advisory, remote, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2007-3106, CVE-2007-4029

SHA-256 | 2a84deee1c87a340c848a8dee55fb79a9600e63608ef2b7655ad0d42cfc1ac6d

Download | Favorite | View

Ubuntu Security Notice 498-1

Posted Aug 16, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 498-1 - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user's privileges.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2007-3106, CVE-2007-4029

SHA-256 | a4511d1bd36f2afda09a7e3ac14b8473de0af19daba8edad473f4096b0b8fcc2

Download | Favorite | View