CVE-2007-4066

Published: 21 September 2007

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

Priority

Status

Package	Release	Status
libvorbis Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Released (1.2.0.dfsg-1)
	hardy	Released (1.2.0.dfsg-1)
	intrepid	Released (1.2.0.dfsg-1)
	jaunty	Released (1.2.0.dfsg-1)
	upstream	Released (1.2.0)
	Patches: upstream: https://trac.xiph.org/changeset/13162 upstream: https://trac.xiph.org/changeset/13168 upstream: https://trac.xiph.org/changeset/13169 upstream: https://trac.xiph.org/changeset/13170 upstream: https://trac.xiph.org/changeset/13172 upstream: https://trac.xiph.org/changeset/13211 upstream: https://trac.xiph.org/changeset/13215 vendor: http://patch-tracking.debian.net/package/libvorbis/1.1.2.dfsg-1.4

References

Bugs

https://bugs.launchpad.net/bugs/185031

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›