Vulnerability details: VCID-na6h-ugnk-aaaq
Vulnerability ID VCID-na6h-ugnk-aaaq
Aliases CVE-2007-4066
Summary Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:0845
rhas Important https://access.redhat.com/errata/RHSA-2007:0912
epss 0.01263 https://api.first.org/data/v1/epss?cve=CVE-2007-4066
epss 0.01942 https://api.first.org/data/v1/epss?cve=CVE-2007-4066
epss 0.02650 https://api.first.org/data/v1/epss?cve=CVE-2007-4066
epss 0.03387 https://api.first.org/data/v1/epss?cve=CVE-2007-4066
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-4066
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4066.json
https://api.first.org/data/v1/epss?cve=CVE-2007-4066
https://bugzilla.redhat.com/show_bug.cgi?id=249780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066
http://secunia.com/advisories/24923
http://secunia.com/advisories/26865
http://secunia.com/advisories/27099
http://secunia.com/advisories/27170
http://secunia.com/advisories/27439
http://secunia.com/advisories/28614
http://security.gentoo.org/glsa/glsa-200710-03.xml
http://securitytracker.com/id?1018712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453
https://trac.xiph.org/changeset/13162
https://trac.xiph.org/changeset/13168
https://trac.xiph.org/changeset/13169
https://trac.xiph.org/changeset/13170
https://trac.xiph.org/changeset/13172
https://trac.xiph.org/changeset/13211
https://trac.xiph.org/changeset/13215
https://trac.xiph.org/ticket/300
https://trac.xiph.org/ticket/853
http://svn.xiph.org/trunk/vorbis/CHANGES
http://www.debian.org/security/2008/dsa-1471
http://www.mandriva.com/security/advisories?name=MDKSA-2007:194
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0845.html
http://www.redhat.com/support/errata/RHSA-2007-0912.html
669196 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196
cpe:2.3:a:xiph.org:libvorbis:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph.org:libvorbis:*:*:*:*:*:*:*:*
CVE-2007-4066 https://nvd.nist.gov/vuln/detail/CVE-2007-4066
GLSA-200710-03 https://security.gentoo.org/glsa/200710-03
RHSA-2007:0845 https://access.redhat.com/errata/RHSA-2007:0845
RHSA-2007:0912 https://access.redhat.com/errata/RHSA-2007:0912
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-4066
Exploit Prediction Scoring System (EPSS)
Percentile 0.7759
EPSS Score 0.01263
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.