4.3
CVE-2007-4066
- EPSS 1.84%
- Veröffentlicht 21.09.2007 19:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:20
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.84% | 0.762 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/24923
http://secunia.com/advisories/26865
http://secunia.com/advisories/27099
http://secunia.com/advisories/28614
http://security.gentoo.org/glsa/glsa-200710-03.xml
http://www.debian.org/security/2008/dsa-1471
http://www.redhat.com/support/errata/RHSA-2007-0845.html
http://www.redhat.com/support/errata/RHSA-2007-0912.html
https://bugzilla.redhat.com/show_bug.cgi?id=249780
http://secunia.com/advisories/27439
http://securitytracker.com/id?1018712
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://secunia.com/advisories/27170
http://svn.xiph.org/trunk/vorbis/CHANGES
http://www.mandriva.com/security/advisories?name=MDKSA-2007:194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453
https://trac.xiph.org/changeset/13162
https://trac.xiph.org/changeset/13168
https://trac.xiph.org/changeset/13169
https://trac.xiph.org/changeset/13170
https://trac.xiph.org/changeset/13172
https://trac.xiph.org/changeset/13211
https://trac.xiph.org/changeset/13215
https://trac.xiph.org/ticket/300
https://trac.xiph.org/ticket/853