CVE-2007-3329 - OpenCVE

Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xvid	Xvid

Configuration 1 [-]

cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=183145
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55
http://osvdb.org/37728
http://secunia.com/advisories/25711	Vendor Advisory
http://secunia.com/advisories/26353	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml
http://www.securityfocus.com/bid/24561
https://exchange.xforce.ibmcloud.com/vulnerabilities/34949

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-21T18:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-06-21T00:00:00

Link: CVE-2007-3329

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-21T18:30:00.000

Modified: 2017-07-29T01:32:10.643

Link: CVE-2007-3329

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200708-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"name": "25711", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25711"}, {"name": "26353", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26353"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"name": "37728", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37728"}, {"name": "24561", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24561"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"name": "xvid-getintrablock-code-execution(34949)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3329", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200708-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"name": "25711", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25711"}, {"name": "26353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26353"}, {"name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55", "refsource": "CONFIRM", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c", "refsource": "CONFIRM", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"name": "37728", "refsource": "OSVDB", "url": "http://osvdb.org/37728"}, {"name": "24561", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24561"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=183145", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"name": "xvid-getintrablock-code-execution(34949)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3329", "datePublished": "2007-06-21T18:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7EBF71AE-3B19-45F8-9ED7-ED59885E33B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file."}, {"lang": "es", "value": "M\u00faltiples errores de \u00edndice de matriz en las funciones (1) get_intra_block, (2) get_inter_block_h263 y (3) get_inter_block_mpeg en el archivo src/bitstream/mbcoding.c en Xvid versi\u00f3n 1.1.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo dise\u00f1ado (a) Avi, (b) H.263 o (c) MPEG."}], "id": "CVE-2007-3329", "lastModified": "2017-07-29T01:32:10.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-21T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=183145"}, {"source": "cve@mitre.org", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c"}, {"source": "cve@mitre.org", "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37728"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25711"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26353"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24561"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34949"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}