CVE-2007-4066

Publication date 21 September 2007

Last updated 24 July 2024

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvorbis	9.04 jaunty	Fixed 1.2.0.dfsg-1
	8.10 intrepid	Fixed 1.2.0.dfsg-1
	8.04 LTS hardy	Fixed 1.2.0.dfsg-1
	7.10 gutsy	Fixed 1.2.0.dfsg-1
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvorbis	Upstream: https://trac.xiph.org/changeset/13162 Upstream: https://trac.xiph.org/changeset/13168 Upstream: https://trac.xiph.org/changeset/13169 Upstream: https://trac.xiph.org/changeset/13170 Upstream: https://trac.xiph.org/changeset/13172 Upstream: https://trac.xiph.org/changeset/13211 Upstream: https://trac.xiph.org/changeset/13215 Vendor: http://patch-tracking.debian.net/package/libvorbis/1.1.2.dfsg-1.4

Package

Patch details

libvorbis

Upstream: https://trac.xiph.org/changeset/13162
Upstream: https://trac.xiph.org/changeset/13168
Upstream: https://trac.xiph.org/changeset/13169
Upstream: https://trac.xiph.org/changeset/13170
Upstream: https://trac.xiph.org/changeset/13172
Upstream: https://trac.xiph.org/changeset/13211
Upstream: https://trac.xiph.org/changeset/13215
Vendor: http://patch-tracking.debian.net/package/libvorbis/1.1.2.dfsg-1.4

CVE-2007-4066

Status

Patch details

References

Other references