Vulnerability Details : CVE-2007-3329
Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.
Vulnerability category: Execute code
Products affected by CVE-2007-3329
- cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3329
16.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3329
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2007-3329
-
http://www.gentoo.org/security/en/glsa/glsa-200708-02.xml
-
http://www.securityfocus.com/bid/24561
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34949
-
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c
-
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c?r1=1.54&r2=1.55
-
http://bugs.gentoo.org/show_bug.cgi?id=183145
Jump to