CVE-2007-4065

Publication date 21 September 2007

Last updated 24 July 2024

lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libvorbis	9.04 jaunty	Fixed 1.2.0.dfsg-1
	8.10 intrepid	Fixed 1.2.0.dfsg-1
	8.04 LTS hardy	Fixed 1.2.0.dfsg-1
	7.10 gutsy	Fixed 1.2.0.dfsg-1
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvorbis	Upstream: https://trac.xiph.org/changeset/13211 Upstream: https://trac.xiph.org/changeset/13217 Upstream: http://patch-tracking.debian.net/patch/misc/view/libvorbis/1.1.2.dfsg-1.4/lib/vorbisfile.c

References

MITRE
NVD
Launchpad
Debian

Other references

https://lists.opensuse.org/opensuse-security-announce/2007-10/msg00009.html
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/libvorbis-1.1.2-35.src.rpm
https://bugzilla.redhat.com/show_bug.cgi?id=249780
https://www.cve.org/CVERecord?id=CVE-2007-4065