CVE-2007-4029

Publication date 26 July 2007

Last updated 24 July 2024


Ubuntu priority

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Status

Package Ubuntu Release Status
libvorbis 7.04 feisty
Fixed 1.1.2.dfsg-1.2ubuntu2
6.10 edgy
Fixed 1.1.2-1ubuntu1.2
6.06 LTS dapper
Fixed 1.1.2-0ubuntu2.2

References

Related Ubuntu Security Notices (USN)

    • USN-498-1
    • libvorbis vulnerabilities
    • 16 August 2007

Other references