Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1010-1:58DAA
HistoryJul 03, 2017 - 9:34 a.m.

[SECURITY] [DLA 1010-1] vorbis-tools security update

2017-07-0309:34:32
lists.debian.org
14

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

High

EPSS

0.04

Percentile

92.2%

JSON

Package : vorbis-tools
Version : 1.4.0-1+deb7u1
CVE ID : CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749
Debian Bug : 797461 776086 771363

vorbis-tools is vulnerable to multiple issues that can result in denial
of service.

CVE-2014-9638

Divide by zero error in oggenc with a WAV file whose number of
channels is set to zero.

CVE-2014-9639

Integer overflow in oggenc via a crafted number of channels in a WAV
file, which triggers an out-of-bounds memory access.

CVE-2014-9640

Out-of bounds read in oggenc via a crafted raw file.

CVE-2015-6749

Buffer overflow in the aiff_open function in oggenc/audio.c
via a crafted AIFF file.

For Debian 7 "Wheezy", these problems have been fixed in version
1.4.0-1+deb7u1.

We recommend that you upgrade your vorbis-tools packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–
RaphaΓ«l Hertzog β—ˆ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian7i386vorbis-tools-dbg<Β 1.4.0-1+deb7u1vorbis-tools-dbg_1.4.0-1+deb7u1_i386.deb
Debian8i386vorbis-tools<Β 1.4.0-6+deb8u1vorbis-tools_1.4.0-6+deb8u1_i386.deb
Debian8mipsvorbis-tools-dbg<Β 1.4.0-6+deb8u1vorbis-tools-dbg_1.4.0-6+deb8u1_mips.deb
Debian8powerpcvorbis-tools<Β 1.4.0-6+deb8u1vorbis-tools_1.4.0-6+deb8u1_powerpc.deb
Debian7allvorbis-tools<Β 1.4.0-1+deb7u1vorbis-tools_1.4.0-1+deb7u1_all.deb
Debian8arm64vorbis-tools-dbg<Β 1.4.0-6+deb8u1vorbis-tools-dbg_1.4.0-6+deb8u1_arm64.deb
Debian8armhfvorbis-tools-dbg<Β 1.4.0-6+deb8u1vorbis-tools-dbg_1.4.0-6+deb8u1_armhf.deb
Debian7armelvorbis-tools<Β 1.4.0-1+deb7u1vorbis-tools_1.4.0-1+deb7u1_armel.deb
Debian8armelvorbis-tools<Β 1.4.0-6+deb8u1vorbis-tools_1.4.0-6+deb8u1_armel.deb
Debian8s390xvorbis-tools<Β 1.4.0-6+deb8u1vorbis-tools_1.4.0-6+deb8u1_s390x.deb
Rows per page:
1-10 of 351

Related

osv 3
openvas 13
debian 1
nessus 20
rosalinux 1
freebsd 1
archlinux 2
fedora 6
mageia 3
cbl_mariner 6
cvelist 4
prion 4
debiancve 4
cve 4
ubuntucve 4
nvd 4
securityvulns 2
osv
osv
vorbis-tools - security update
2015-09-29 00:00:00
vorbis-tools-1.4.0-22.6 on GA media
2024-06-15 00:00:00
vorbis-tools - security update
2017-07-03 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1010-1)
2018-02-04 00:00:00
Debian: Security Advisory (DLA-317-1)
2023-03-08 00:00:00
Fedora Update for vorbis-tools FEDORA-2015-2335
2015-03-01 00:00:00
debian
debian
[SECURITY] [DLA 317-1] vorbis-tools security update
2015-09-29 09:08:56
nessus
nessus
Debian DLA-1010-1 : vorbis-tools security update
2017-07-05 00:00:00
Debian DLA-317-1 : vorbis-tools security update
2015-09-30 00:00:00
FreeBSD : vorbis-tools, opus-tools -- multiple vulnerabilities (a35f415d-572a-11e5-b0a4-f8b156b6dcc8)
2015-09-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1994
2021-07-02 18:19:13
freebsd
freebsd
vorbis-tools, opus-tools -- multiple vulnerabilities
2015-08-08 00:00:00
archlinux
archlinux
vorbis-tools: denial of service
2015-03-25 00:00:00
vorbis-tools: denial of service
2015-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: vorbis-tools-1.4.0-19.fc21
2015-02-28 10:24:40
[SECURITY] Fedora 20 Update: vorbis-tools-1.4.0-14.fc20
2015-02-28 10:27:05
[SECURITY] Fedora 22 Update: vorbis-tools-1.4.0-20.fc22
2015-09-16 21:24:46
mageia
mageia
Updated vorbis-tools packages fix security vulnerabilities
2015-03-05 22:34:09
Updated vorbis-tools packages fix CVE-2015-6749
2015-09-08 20:55:59
Updated vorbis-tools package fixes security vulnerability
2015-02-06 01:26:07
cbl_mariner
cbl_mariner
CVE-2015-6749 affecting package vorbis-tools for versions less than 1.4.0-35
2023-02-14 22:19:20
CVE-2015-6749 affecting package vorbis-tools for versions less than 1.4.0-35
2023-02-14 22:19:20
CVE-2014-9639 affecting package vorbis-tools for versions less than 1.4.0-35
2023-02-14 22:19:20
cvelist
cvelist
CVE-2015-6749
2015-09-21 19:00:00
CVE-2014-9638
2015-01-23 15:00:00
CVE-2014-9639
2015-01-23 15:00:00
prion
prion
Buffer overflow
2015-09-21 19:59:00
Integer overflow
2015-01-23 15:59:00
Design/Logic Flaw
2015-01-23 15:59:00
debiancve
debiancve
CVE-2015-6749
2015-09-21 19:59:02
CVE-2014-9639
2015-01-23 15:59:09
CVE-2014-9638
2015-01-23 15:59:07
cve
cve
CVE-2015-6749
2015-09-21 19:59:02
CVE-2014-9639
2015-01-23 15:59:09
CVE-2014-9638
2015-01-23 15:59:07
ubuntucve
ubuntucve
CVE-2014-9640
2015-01-23 00:00:00
CVE-2014-9639
2015-01-23 00:00:00
CVE-2015-6749
2015-09-21 00:00:00
nvd
nvd
CVE-2015-6749
2015-09-21 19:59:02
CVE-2014-9640
2015-01-23 15:59:10
CVE-2014-9639
2015-01-23 15:59:09
securityvulns
securityvulns
vorbis-tools DoS
2015-02-23 00:00:00
[ MDVSA-2015:037 ] vorbis-tools
2015-02-23 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

High

EPSS

0.04

Percentile

92.2%

JSON
Related for DEBIAN:DLA-1010-1:58DAA
osv3openvas13debian1nessus20rosalinux1freebsd1archlinux2fedora6mageia3cbl_mariner6cvelist4prion4debiancve4cve4ubuntucve4nvd4securityvulns2