Lucene search
GoogleOSV:DLA-317-1HistorySep 29, 2015 - 12:00 a.m.
vorbis-tools - security update
2015-09-2900:00:00
Google
osv.dev
13
EPSS
0.04
Percentile
92.2%
Various issues have been fixed in Debian LTS (squeeze) for package
vorbis-tools.
- CVE-2014-9638
A crafted WAV file with number of channels set to 0 will cause oggenc
to crash due to a division by zero issue. This issue has been fixed
upstream by providing a fix for CVE-2014-9639. Reported upstream by
zuBux. - CVE-2014-9639
An integer overflow issue was discovered in oggenc, related to the
number of channels in the input WAV file. The issue triggers an
out-of-bounds memory access which causes oggenc to crash here
(audio.c). Reported upstream by zuBux.
The upstream fix for this has been backported to vorbis-tools in
Debian LTS (squeeze).
- CVE-2014-9640
Fix for a crash on closing raw input (dd if=/dev/zero bs=1 count=1 |
oggenc -r - -o out.ogg). Reported upstream by hanno.
The upstream fix for this has been backported to vorbis-tools in
Debian LTS (squeeze).
- CVE-2015-6749
Buffer overflow in the aiff_open function in oggenc/audio.c in
vorbis-tools 1.4.0 and earlier allowed remote attackers to cause a
denial of service (crash) via a crafted AIFF file. Reported upstream
by pengsu.
The upstream fix for this has been backported to vorbis-tools in
Debian LTS (squeeze).
References
Related
osv
osv
vorbis-tools - security update
2017-07-03 00:00:00
vorbis-tools-1.4.0-22.6 on GA media
2024-06-15 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1010-1)
2018-02-04 00:00:00
Debian: Security Advisory (DLA-317-1)
2023-03-08 00:00:00
Fedora Update for vorbis-tools FEDORA-2015-2335
2015-03-01 00:00:00
debian
debian
[SECURITY] [DLA 317-1] vorbis-tools security update
2015-09-29 09:08:56
[SECURITY] [DLA 1010-1] vorbis-tools security update
2017-07-03 09:34:32
nessus
nessus
Debian DLA-1010-1 : vorbis-tools security update
2017-07-05 00:00:00
Debian DLA-317-1 : vorbis-tools security update
2015-09-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1994
2021-07-02 18:19:13
freebsd
freebsd
vorbis-tools, opus-tools -- multiple vulnerabilities
2015-08-08 00:00:00
archlinux
archlinux
vorbis-tools: denial of service
2015-03-25 00:00:00
vorbis-tools: denial of service
2015-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: vorbis-tools-1.4.0-19.fc21
2015-02-28 10:24:40
[SECURITY] Fedora 20 Update: vorbis-tools-1.4.0-14.fc20
2015-02-28 10:27:05
[SECURITY] Fedora 22 Update: vorbis-tools-1.4.0-20.fc22
2015-09-16 21:24:46
mageia
mageia
Updated vorbis-tools packages fix security vulnerabilities
2015-03-05 22:34:09
Updated vorbis-tools packages fix CVE-2015-6749
2015-09-08 20:55:59
Updated vorbis-tools package fixes security vulnerability
2015-02-06 01:26:07
cbl_mariner
cbl_mariner
CVE-2015-6749 affecting package vorbis-tools for versions less than 1.4.0-35
2023-02-14 22:19:20
CVE-2015-6749 affecting package vorbis-tools for versions less than 1.4.0-35
2023-02-14 22:19:20
CVE-2014-9639 affecting package vorbis-tools for versions less than 1.4.0-35
2023-02-14 22:19:20
debiancve
debiancve
cve
cve
cvelist
cvelist
prion
prion
Buffer overflow
2015-09-21 19:59:00
Integer overflow
2015-01-23 15:59:00
Design/Logic Flaw
2015-01-23 15:59:00
ubuntucve
ubuntucve
nvd
nvd
securityvulns
securityvulns
vorbis-tools DoS
2015-02-23 00:00:00
[ MDVSA-2015:037 ] vorbis-tools
2015-02-23 00:00:00