CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
30.8%
vorbis-tools is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the buffer overflow in the library, which allows an attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files
github.com/xiph/vorbis
github.com/xiph/vorbis-tools
github.com/xiph/vorbis-tools/issues/41
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml
xiph.org/vorbis/