CVE-2007-4029

Publication date 26 July 2007

Last updated 24 July 2024

Ubuntu priority

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libvorbis	7.04 feisty	Fixed 1.1.2.dfsg-1.2ubuntu2
	6.10 edgy	Fixed 1.1.2-1ubuntu1.2
	6.06 LTS dapper	Fixed 1.1.2-0ubuntu2.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-498-1
libvorbis vulnerabilities
16 August 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4029