CVE-2007-5301

EPSS 44.2%

alsaplayer - stack based buffer overflow in vorbis plugin

發布日:2007/10/9修改日:2026/4/28

描述

Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.

受影響套件(3)

Debian/alsaplayerfrom 0, < 0.99.80~rc4-1
Debian/alsaplayerfrom 0, < 0.99.76-9+etch1
Debian/alsaplayerfrom 0, < 0.99.79-3+lenny1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-5301