FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3106

This CVE name corresponds to:

Entered Topic
2007-07-26 libvorbis -- Multiple memory corruption flaws

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-3106 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-3106
Phase Assigned(20070607)

Description

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

References

Source Reference
BUGTRAQ 20070726 libvorbis 1.1.2 - Multiple memory corruption flaws
MISC http://www.isecpartners.com/advisories/2007-003-libvorbis.txt
CONFIRM https://issues.rpath.com/browse/RPL-1590
CONFIRM http://www.tellini.org/blog/archives/32-Music-Box-1.6.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=245991
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=249780
CONFIRM https://trac.xiph.org/changeset/13160
DEBIAN DSA-1471
GENTOO GLSA-200710-03
MANDRIVA MDKSA-2007:167-1
REDHAT RHSA-2007:0845
REDHAT RHSA-2007:0912
UBUNTU USN-498-1
BID 25082
OVAL oval:org.mitre.oval:def:11449
VUPEN ADV-2007-2698
VUPEN ADV-2007-2760
SECUNIA 26232
SECUNIA 26087
SECUNIA 26299
SECUNIA 26429
SECUNIA 26535
SECUNIA 26865
SECUNIA 27099
SECUNIA 24923
SECUNIA 28614
XF libvorbis-inverse-code-execution(35622)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.