Lucene search

[email protected]CVE-2007-3507

HistoryJul 02, 2007 - 7:30 p.m.

CVE-2007-3507

2007-07-0219:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3507

buffer overflow

flac123

vorbiscomment

code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.171 Low

EPSS

Percentile

96.1%

JSON

Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.

Affected configurations

NVD

Node

flac123flac123Range≤0.0.9

CPENameOperatorVersion
flac123:flac123flac123le0.0.9

CPE	Name	Operator	Version
flac123:flac123	flac123	le	0.0.9

References

osvdb.org/40524

secunia.com/advisories/26827

security.gentoo.org/glsa/glsa-200709-06.xml

securityreason.com/securityalert/2854

sourceforge.net/forum/forum.php?forum_id=710314

www.isecpartners.com/advisories/2007-002-flactools.txt

www.securityfocus.com/archive/1/472504/100/0/threaded

www.securityfocus.com/bid/24712

www.vupen.com/english/advisories/2007/2420

exchange.xforce.ibmcloud.com/vulnerabilities/35175

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.171 Low

EPSS

Percentile

96.1%

JSON

Related for CVE-2007-3507

gentoo1 fedora1 nessus3 openvas6 nvd1 freebsd1 ubuntucve1 prion1 securityvulns1 cvelist1