lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a heap overwrite in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rpath_linux | Rpath | 1 (including) | 1 (including) |
| Rpath_linux | Rpath | 1.0.1 (including) | 1.0.1 (including) |
| Rpath_linux | Rpath | 1.0.2 (including) | 1.0.2 (including) |
| Rpath_linux | Rpath | 1.0.3 (including) | 1.0.3 (including) |
| Rpath_linux | Rpath | 1.0.4 (including) | 1.0.4 (including) |
| Rpath_linux | Rpath | 1.0.5 (including) | 1.0.5 (including) |
| Rpath_linux | Rpath | 1.0.6 (including) | 1.0.6 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | libvorbis-0:1.0rc2-7.el2 | * |
| Red Hat Enterprise Linux 3 | RedHat | libvorbis-1:1.0-8.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | libvorbis-1:1.1.0-2.el4.5 | * |
| Red Hat Enterprise Linux 5 | RedHat | libvorbis-1:1.1.2-3.el5.0 | * |
| Libvorbis | Ubuntu | dapper | * |
| Libvorbis | Ubuntu | edgy | * |
| Libvorbis | Ubuntu | feisty | * |
| Libvorbis | Ubuntu | upstream | * |