CVE-2007-3106

Publication date 26 July 2007

Last updated 24 July 2024


Ubuntu priority

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

Status

Package Ubuntu Release Status
libvorbis 7.04 feisty
Fixed 1.1.2.dfsg-1.2ubuntu2
6.10 edgy
Fixed 1.1.2-1ubuntu1.2
6.06 LTS dapper
Fixed 1.1.2-0ubuntu2.2

References

Related Ubuntu Security Notices (USN)

    • USN-498-1
    • libvorbis vulnerabilities
    • 16 August 2007

Other references