What is the severity of CVE-2007-1804?

CVE-2007-1804 has a high severity level due to its potential to cause a denial of service by crashing the PulseAudio daemon.

How do I fix CVE-2007-1804?

To fix CVE-2007-1804, upgrade to a patched version of PulseAudio newer than 0.9.5 that resolves these vulnerabilities.

What impact does CVE-2007-1804 have on my system?

The impact of CVE-2007-1804 is that it can crash the PulseAudio daemon, leading to service interruptions.

Can CVE-2007-1804 be exploited remotely?

Yes, CVE-2007-1804 can be exploited remotely via specially crafted TCP packets sent to the PulseAudio daemon.

Which versions of PulseAudio are affected by CVE-2007-1804?

PulseAudio version 0.9.5 is specifically affected by CVE-2007-1804.

Vulnerability/
CVE-2007-1804

high

7.8

CWE

NVD-CWE-Other

2/4/2007

7/8/2024

CVE-2007-1804

First published: Mon Apr 02 2007(Updated: )

PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PulseAudio	=0.9.5

Remedy

http://aluigi.altervista.org/adv/pulsex-adv.txt

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-1804?
CVE-2007-1804 has a high severity level due to its potential to cause a denial of service by crashing the PulseAudio daemon.
How do I fix CVE-2007-1804?
To fix CVE-2007-1804, upgrade to a patched version of PulseAudio newer than 0.9.5 that resolves these vulnerabilities.
What impact does CVE-2007-1804 have on my system?
The impact of CVE-2007-1804 is that it can crash the PulseAudio daemon, leading to service interruptions.
Can CVE-2007-1804 be exploited remotely?
Yes, CVE-2007-1804 can be exploited remotely via specially crafted TCP packets sent to the PulseAudio daemon.
Which versions of PulseAudio are affected by CVE-2007-1804?
PulseAudio version 0.9.5 is specifically affected by CVE-2007-1804.

agent/softwarecombine
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/remedy
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/pulseaudio
canonical/pulseaudio
version/pulseaudio/0.9.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.