CVE-2007-5301
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2007-5301
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-5301.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2007-5301
- Related
- Published
- 2007-10-09T18:17:00Z
- Modified
- 2024-11-21T00:37:36Z
- Summary
- [none]
- Details
-
Buffer overflow in the vorbisstreaminfo function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
- References
-
- http://secunia.com/advisories/27117
- http://secunia.com/advisories/29680
- http://www.debian.org/security/2008/dsa-1538
- http://www.vupen.com/english/advisories/2007/3393
- http://sourceforge.net/forum/forum.php?forum_id=742584
- http://sourceforge.net/project/shownotes.php?release_id=544663&group_id=249
- http://www.securityfocus.com/archive/1/490671/100/0/threaded
- http://www.securityfocus.com/bid/25969
- http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36996
- https://www.exploit-db.com/exploits/5424
- https://security-tracker.debian.org/tracker/CVE-2007-5301
Affected packages
Debian:11 / alsaplayer
Package
- Name
- alsaplayer
- Purl
- pkg:deb/debian/alsaplayer?arch=source
Debian:12 / alsaplayer
Package
- Name
- alsaplayer
- Purl
- pkg:deb/debian/alsaplayer?arch=source
Debian:13 / alsaplayer
Package
- Name
- alsaplayer
- Purl
- pkg:deb/debian/alsaplayer?arch=source