CVE-2007-5301

AlsaPlayer < 0.99.80-rc2 - Buffer Overflow in Vorbis Input Plugin

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-5301. PoCs published by Albert Sellares, Erik.

AI-analyzed exploit summary This exploit leverages a buffer overflow in alsaplayer via a maliciously crafted OGG file with an overly long TITLE tag. The provided shellcode executes arbitrary code when the file is played, demonstrating remote code execution (RCE).

Description

Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Albert Sellares · textlocallinux
https://www.exploit-db.com/exploits/5424

This exploit leverages a buffer overflow in alsaplayer via a maliciously crafted OGG file with an overly long TITLE tag. The provided shellcode executes arbitrary code when the file is played, demonstrating remote code execution (RCE).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: alsaplayer (Debian Etch packages)
No auth needed
Prerequisites: vulnerable version of alsaplayer · ability to deliver a malicious OGG file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Erik · textdoslinux
https://www.exploit-db.com/exploits/30648

The provided text describes a remote buffer overflow vulnerability in AlsaPlayer versions prior to 0.99.80-rc3, which allows arbitrary code execution due to insufficient bounds checking. The exploit details are referenced from a security advisory, but no actual exploit code is included.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: AlsaPlayer < 0.99.80-rc3
No auth needed
Prerequisites: Network access to the target application · User interaction to trigger the vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1538
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25969
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27117
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5424
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36996
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490671/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29680
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3393

Scores

EPSS 0.1024
EPSS Percentile 95.1%

Details

CWE
CWE-119
Status published
Products (1)
alsaplayer/alsaplayer < 0.99.80-rc2
Published Oct 09, 2007
Tracked Since Feb 18, 2026