PT-2015-4317 · Xiph.Org+2 · Vorbis-Tools+2

Publicado

2015-01-23

Atualizado

2024-06-15

CVE-2014-9639

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions vorbis-tools version 1.4.0

Description The issue is related to an integer overflow in oggenc, which can be triggered by a crafted number of channels in a WAV file. This leads to an out-of-bounds memory access, causing a denial of service (crash).

Recommendations For version 1.4.0, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2021-2124

ALT-PU-2023-1433

AZL-6953

AZL-7401

CVE-2014-9639

DLA-1010-1

DLA-317-1

MGASA-2015-0094

OPENSUSE-SU-2024:10259-1

SUSE-SU-2015:1014-1

SUSE-SU-2015:1775-1

Produtos afetados

Alt Linux

Suse

Vorbis-Tools

PT-2015-4317 · Xiph.Org+2 · Vorbis-Tools+2

CVE-2014-9639

Identificadores relacionados

Produtos afetados

Referências · 33