Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiph vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local malicious user to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Xiph Vorbis-tools 1.4.2
7.8
CVSSv3
CVE-2022-47021
A null pointer dereference issue exists in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows malicious users to cause denial of service or other unspecified impacts.
Xiph Opusfile
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.5
CVSSv3
CVE-2020-23903
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows malicious users to cause a denial of service (DoS) via a crafted WAV file.
Xiph Speex 1.2
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5.5
CVSSv3
CVE-2020-23904
A stack buffer overflow in speexenc.c of Speex v1.2 allows malicious users to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.
Xiph Speex 1.2
8.1
CVSSv3
CVE-2018-18820
A buffer overflow exists in the URL-authentication backend of the Icecast prior to 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code e...
Xiph Icecast
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.5
CVSSv3
CVE-2017-11548
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote malicious users to cause a denial of service (memory corruption) via a crafted MP3 file.
Xiph Libao 1.2.0
1 EDB exploit
5.5
CVSSv3
CVE-2017-11331
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote malicious users to cause a denial of service (memory allocation error) via a crafted wav file.
Xiph Vorbis-tools 1.4.0
1 EDB exploit
NA
CVE-2015-6749
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted AIFF file.
Xiph Vorbis-tools
NA
CVE-2015-3026
Icecast prior to 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mo...
Xiph Icecast
Debian Debian Linux 8.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
NA
CVE-2014-9639
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote malicious users to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Xiph Vorbis-tools 1.4.0
Fedoraproject Fedora 20
Opensuse Opensuse 13.1
Fedoraproject Fedora 21
Opensuse Opensuse 13.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »