Xiaoxiong

**Name of the Vulnerable Software and Affected Versions** oggvideotools version 0.9.1 **Description** The issue allows remote attackers to run arbitrary code via the opening of a crafted ogg file. This is due to a Buffer Overflow vulnerability. **Recommendations** For oggvideotools version 0.9.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** oggvideotools version 0.9.1 **Description** A Segmentation Fault issue was discovered in the `StreamSerializer::extractStreams` function in `streamSerializer.cpp`, allowing remote attackers to cause a denial of service (crash) via the opening of a crafted ogg file. **Recommendations** For oggvideotools version 0.9.1, consider avoiding the use of the `StreamSerializer::extractStreams` function until a patch is available. As a temporary workaround, restrict the opening of ogg files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** oggvideotools version 0.9.1 **Description** The issue allows remote attackers to run arbitrary code via the opening of a crafted ogg file, exploiting a Buffer Overflow vulnerability in the ExtractorInformation function in streamExtractor.cpp. **Recommendations** For oggvideotools version 0.9.1, consider disabling the ExtractorInformation function in streamExtractor.cpp as a temporary workaround until a patch is available. Restrict access to crafted ogg files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.