Package vorbis-tools updated to version 1.4.2-alt1 for branch c9f2 in task 315950.

Published: 2015-08-08

BDU:2018-00034

Уязвимость функции aiff_open (oggenc/audio.c) пакета vorbis-tools, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

CVE-2015-6749

Published: 2015-01-23
Modified: 2024-11-21

CVE-2014-9638

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

Severity: MEDIUM (5.0)

References:

Published: 2015-01-23
Modified: 2024-11-21

CVE-2014-9639

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Severity: MEDIUM (5.0)

References:

Published: 2015-01-23
Modified: 2024-11-21

CVE-2014-9640

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Severity: MEDIUM (5.0)

References:

Published: 2015-09-21
Modified: 2024-11-21

CVE-2015-6749

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.

Severity: MEDIUM (4.3)

References:

Published: 2017-07-31
Modified: 2024-11-21

CVE-2017-11331

The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Package vorbis-tools update in c9f2 on 2023-03-14

ALT-PU-2023-1433-1

Closed vulnerabilities

BDU:2018-00034

CVE-2014-9638

CVE-2014-9639

CVE-2014-9640

CVE-2015-6749

CVE-2017-11331