CVE-2007-3329 - OpenCVE

Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xvid	Xvid

Configuration 1 [-]

cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=183145
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55
http://osvdb.org/37728
http://secunia.com/advisories/25711
http://secunia.com/advisories/26353
http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml
http://www.securityfocus.com/bid/24561
https://exchange.xforce.ibmcloud.com/vulnerabilities/34949

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-21T18:00:00

Updated: 2024-08-07T14:14:12.986Z

Reserved: 2007-06-21T00:00:00

Link: CVE-2007-3329

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-21T18:30:00.000

Modified: 2017-07-29T01:32:10.643

Link: CVE-2007-3329

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200708-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"name": "25711", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25711"}, {"name": "26353", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26353"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"name": "37728", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37728"}, {"name": "24561", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24561"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"name": "xvid-getintrablock-code-execution(34949)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3329", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200708-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"name": "25711", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25711"}, {"name": "26353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26353"}, {"name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55", "refsource": "CONFIRM", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c", "refsource": "CONFIRM", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"name": "37728", "refsource": "OSVDB", "url": "http://osvdb.org/37728"}, {"name": "24561", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24561"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=183145", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"name": "xvid-getintrablock-code-execution(34949)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.986Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-200708-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"name": "25711", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25711"}, {"name": "26353", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26353"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"name": "37728", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37728"}, {"name": "24561", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24561"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"name": "xvid-getintrablock-code-execution(34949)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3329", "datePublished": "2007-06-21T18:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2024-08-07T14:14:12.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7EBF71AE-3B19-45F8-9ED7-ED59885E33B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file."}, {"lang": "es", "value": "M\u00faltiples errores de \u00edndice de matriz en las funciones (1) get_intra_block, (2) get_inter_block_h263 y (3) get_inter_block_mpeg en el archivo src/bitstream/mbcoding.c en Xvid versi\u00f3n 1.1.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo dise\u00f1ado (a) Avi, (b) H.263 o (c) MPEG."}], "id": "CVE-2007-3329", "lastModified": "2017-07-29T01:32:10.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-21T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"source": "cve@mitre.org", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"source": "cve@mitre.org", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37728"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25711"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26353"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24561"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}