Launchpad.net

CVE 2007-5301

Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.

Related bugs and status

CVE-2007-5301 (Candidate) is related to these bugs:

Bug #117395: Alsaplayer crashes

Summary				In	Importance	Status
	117395	Alsaplayer crashes		alsaplayer (Ubuntu)	Undecided	New

Bug #151806: CVE-2007-5301 buffer overflow in vorbis input plugi

		In	Importance	Status
151806	CVE-2007-5301 buffer overflow in vorbis input plugi	alsaplayer (Ubuntu)	Undecided	Fix Released
151806	CVE-2007-5301 buffer overflow in vorbis input plugi	alsaplayer (Debian)	Unknown	Fix Released
151806	CVE-2007-5301 buffer overflow in vorbis input plugi	alsaplayer (Ubuntu Dapper)	Undecided	Invalid
151806	CVE-2007-5301 buffer overflow in vorbis input plugi	alsaplayer (Ubuntu Feisty)	Undecided	Won't Fix
151806	CVE-2007-5301 buffer overflow in vorbis input plugi	alsaplayer (Ubuntu Edgy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5301

Related bugs and status

Related bugs

References