Published: 23/01/2015 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted raw file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xiph vorbis-tools 1.4.0
opensuse opensuse 13.2
opensuse opensuse 13.1

Debian Bug report logs - #776086 CVE-2014-9638 CVE-2014-9639 Package: src:vorbis-tools; Maintainer for src:vorbis-tools is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Jan 2015 18:27:07 UTC Severity: important Tags: security, u ...

Debian Bug report logs - #797461 vorbis-tools: CVE-2015-6749 invalid AIFF file cause alloca() buffer overflow Package: vorbis-tools; Maintainer for vorbis-tools is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vorbis-tools is src:vorbis-tools (PTS, buildd, popcon) Reported by: Petter Reinhold ...

oggenc/oggencc in vorbis-tools 140 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file ...

CWE-119 https://trac.xiph.org/changeset/19117 http://www.openwall.com/lists/oss-security/2015/01/22/9 https://trac.xiph.org/ticket/2009 http://www.openwall.com/lists/oss-security/2015/01/21/6 http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html http://advisories.mageia.org/MGASA-2015-0051.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:037 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776086 https://access.redhat.com/security/cve/cve-2014-9640

CVE-2014-9640

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect