Vulnerability details: VCID-bmuc-6md1-aaah
Vulnerability ID VCID-bmuc-6md1-aaah
Aliases CVE-2007-3106
Summary lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (1)
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:0845
rhas Important https://access.redhat.com/errata/RHSA-2007:0912
epss 0.01976 https://api.first.org/data/v1/epss?cve=CVE-2007-3106
epss 0.02574 https://api.first.org/data/v1/epss?cve=CVE-2007-3106
epss 0.05187 https://api.first.org/data/v1/epss?cve=CVE-2007-3106
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-3106
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3106.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3106
https://bugzilla.redhat.com/show_bug.cgi?id=245991
https://bugzilla.redhat.com/show_bug.cgi?id=249780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
http://secunia.com/advisories/24923
http://secunia.com/advisories/26087
http://secunia.com/advisories/26232
http://secunia.com/advisories/26299
http://secunia.com/advisories/26429
http://secunia.com/advisories/26535
http://secunia.com/advisories/26865
http://secunia.com/advisories/27099
http://secunia.com/advisories/28614
http://security.gentoo.org/glsa/glsa-200710-03.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/35622
https://issues.rpath.com/browse/RPL-1590
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449
https://trac.xiph.org/changeset/13160
http://www.debian.org/security/2008/dsa-1471
http://www.isecpartners.com/advisories/2007-003-libvorbis.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1
http://www.redhat.com/support/errata/RHSA-2007-0845.html
http://www.redhat.com/support/errata/RHSA-2007-0912.html
http://www.securityfocus.com/archive/1/474729/100/0/threaded
http://www.securityfocus.com/bid/25082
http://www.tellini.org/blog/archives/32-Music-Box-1.6.html
http://www.ubuntu.com/usn/usn-498-1
http://www.vupen.com/english/advisories/2007/2698
http://www.vupen.com/english/advisories/2007/2760
669196 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196
CVE-2007-3106 https://nvd.nist.gov/vuln/detail/CVE-2007-3106
GLSA-200710-03 https://security.gentoo.org/glsa/200710-03
RHSA-2007:0845 https://access.redhat.com/errata/RHSA-2007:0845
RHSA-2007:0912 https://access.redhat.com/errata/RHSA-2007:0912
USN-498-1 https://usn.ubuntu.com/498-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3106
Exploit Prediction Scoring System (EPSS)
Percentile 0.89134
EPSS Score 0.01976
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.