Lucene search
UbuntuUSN-498-1HistoryAug 16, 2007 - 12:00 a.m.
libvorbis vulnerabilities
2007-08-1600:00:00
ubuntu.com
25
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.033
Percentile
91.4%
Releases
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Details
David Thiel discovered that libvorbis did not correctly verify the size
of certain headers, and did not correctly clean up a broken stream.
If a user were tricked into processing a specially crafted Vorbis stream,
a remote attacker could execute arbitrary code with the user’s privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.04 | noarch | libvorbis0a | < 1.1.2.dfsg-1.2ubuntu2 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libvorbis0a | < 1.1.2-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 6.06 | noarch | libvorbis0a | < 1.1.2-0ubuntu2.2 | UNKNOWN |
Related
openvas
openvas
Ubuntu Update for libvorbis vulnerabilities USN-498-1
2009-03-23 00:00:00
Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)
2009-04-09 00:00:00
Ubuntu: Security Advisory (USN-498-1)
2009-03-23 00:00:00
securityvulns
securityvulns
libvorbis library multiple memory corruptions
2007-07-27 00:00:00
ubuntucve
ubuntucve
CVE-2007-3106
2007-07-26 00:00:00
CVE-2007-4029
2007-07-26 00:00:00
cvelist
cvelist
CVE-2007-3106
2007-07-26 21:00:00
CVE-2007-4029
2007-07-26 22:00:00
nessus
nessus
Mandrake Linux Security Advisory : libvorbis (MDKSA-2007:167-1)
2009-04-23 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : libvorbis vulnerabilities (USN-498-1)
2007-11-10 00:00:00
Debian DSA-1471-1 : libvorbis - several vulnerabilities
2008-01-27 00:00:00
debiancve
debiancve
CVE-2007-3106
2007-07-26 21:30:00
CVE-2007-4029
2007-07-26 22:30:00
nvd
nvd
CVE-2007-3106
2007-07-26 21:30:00
CVE-2007-4029
2007-07-26 22:30:00
prion
prion
Heap overflow
2007-07-26 21:30:00
Out-of-bounds
2007-07-26 22:30:00
cve
cve
CVE-2007-3106
2007-07-26 21:30:00
CVE-2007-4029
2007-07-26 22:30:00
debian
debian
[SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities
2008-01-21 18:06:25
centos
centos
libvorbis security update
2007-09-19 17:46:48
libvorbis security update
2007-10-15 02:00:31
redhat
redhat
(RHSA-2007:0845) Important: libvorbis security update
2007-09-19 00:00:00
(RHSA-2007:0912) Important: libvorbis security update
2007-10-11 00:00:00
gentoo
gentoo
libvorbis: Multiple vulnerabilities
2007-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: libvorbis-1.1.2-3.fc7
2007-08-24 05:38:37
oraclelinux
oraclelinux
Important:libvorbis security update
2007-09-19 00:00:00
freebsd
freebsd
libvorbis -- Multiple memory corruption flaws
2007-06-05 00:00:00
osv
osv
libvorbis-devel-1.3.7-1.6 on GA media
2024-06-15 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.033
Percentile
91.4%
Related for USN-498-1