Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiph vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local malicious user to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Xiph Vorbis-tools 1.4.2
7.8
CVSSv3
CVE-2022-47021
A null pointer dereference issue exists in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows malicious users to cause denial of service or other unspecified impacts.
Xiph Opusfile
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.5
CVSSv3
CVE-2020-23903
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows malicious users to cause a denial of service (DoS) via a crafted WAV file.
Xiph Speex 1.2
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5.5
CVSSv3
CVE-2020-23904
A stack buffer overflow in speexenc.c of Speex v1.2 allows malicious users to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.
Xiph Speex 1.2
8.1
CVSSv3
CVE-2018-18820
A buffer overflow exists in the URL-authentication backend of the Icecast prior to 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code e...
Xiph Icecast
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.5
CVSSv3
CVE-2017-11331
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote malicious users to cause a denial of service (memory allocation error) via a crafted wav file.
Xiph Vorbis-tools 1.4.0
1 EDB exploit
5.5
CVSSv3
CVE-2017-11548
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote malicious users to cause a denial of service (memory corruption) via a crafted MP3 file.
Xiph Libao 1.2.0
1 EDB exploit
NA
CVE-2015-6749
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted AIFF file.
Xiph Vorbis-tools
NA
CVE-2015-3026
Icecast prior to 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mo...
Xiph Icecast
Debian Debian Linux 8.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
NA
CVE-2014-9638
oggenc in vorbis-tools 1.4.0 allows remote malicious users to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
Opensuse Opensuse 13.2
Fedoraproject Fedora 21
Opensuse Opensuse 13.1
Fedoraproject Fedora 20
Xiph Vorbis-tools 1.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »