PublicDate: 2007-09-21 19:17:00 UTC
Candidate: CVE-2007-4066
References:
 https://lists.opensuse.org/opensuse-security-announce/2007-10/msg00009.html
 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/libvorbis-1.1.2-35.src.rpm
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066
 https://bugzilla.redhat.com/show_bug.cgi?id=249780
Description:
 Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow
 context-dependent attackers to cause a denial of service or have other
 unspecified impact via a crafted OGG file, aka trac Changesets 13162,
 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an
 overflow in oggenc.exe related to the _psy_noiseguards_8 array.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/185031
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_libvorbis:
 upstream: https://trac.xiph.org/changeset/13162
 upstream: https://trac.xiph.org/changeset/13168
 upstream: https://trac.xiph.org/changeset/13169
 upstream: https://trac.xiph.org/changeset/13170
 upstream: https://trac.xiph.org/changeset/13172
 upstream: https://trac.xiph.org/changeset/13211
 upstream: https://trac.xiph.org/changeset/13215
 vendor: http://patch-tracking.debian.net/package/libvorbis/1.1.2.dfsg-1.4
upstream_libvorbis: released (1.2.0)
dapper_libvorbis: ignored (reached end-of-life)
edgy_libvorbis: needed (reached end-of-life)
feisty_libvorbis: needed (reached end-of-life)
gutsy_libvorbis: released (1.2.0.dfsg-1)
hardy_libvorbis: released (1.2.0.dfsg-1)
intrepid_libvorbis: released (1.2.0.dfsg-1)
jaunty_libvorbis: released (1.2.0.dfsg-1)
devel_libvorbis: released (1.2.0.dfsg-1)