CVE-2007-3106

Published: Jul 26, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

USN-498-1 (vendor-advisory, x_refsource_UBUNTU)
ADV-2007-2760 (vdb-entry, x_refsource_VUPEN)
26299 (third-party-advisory, x_refsource_SECUNIA)
28614 (third-party-advisory, x_refsource_SECUNIA)
oval:org.mitre.oval:def:11449 (vdb-entry, signature, x_refsource_OVAL)
DSA-1471 (vendor-advisory, x_refsource_DEBIAN)
26429 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2007:0912 (vendor-advisory, x_refsource_REDHAT)
GLSA-200710-03 (vendor-advisory, x_refsource_GENTOO)
26087 (third-party-advisory, x_refsource_SECUNIA)
25082 (vdb-entry, x_refsource_BID)
24923 (third-party-advisory, x_refsource_SECUNIA)
26535 (third-party-advisory, x_refsource_SECUNIA)
ADV-2007-2698 (vdb-entry, x_refsource_VUPEN)
27099 (third-party-advisory, x_refsource_SECUNIA)
26232 (third-party-advisory, x_refsource_SECUNIA)
MDKSA-2007:167-1 (vendor-advisory, x_refsource_MANDRIVA)
26865 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2007:0845 (vendor-advisory, x_refsource_REDHAT)
