CVE-2007-4065
EPSS 5.6%
Description
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
How to fix CVE-2007-4065
To remediate CVE-2007-4065, upgrade the affected package to one of the fixed versions listed below.
- Debian/libvorbis: upgrade to 1.2.0.dfsg-1 or later
- Debian/libvorbisidec: upgrade to 1.0.2+svn16259-2 or later
Is CVE-2007-4065 being exploited?
Moderate: EPSS is 5.6%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/libvorbis: from 0, < 1.2.0.dfsg-1
- Debian/libvorbisidec: from 0, < 1.0.2+svn16259-2