PT-2015-4317 · Xiph.Org+2 · Vorbis-Tools+2

Published

2015-01-23

Updated

2024-06-15

CVE-2014-9639

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions vorbis-tools version 1.4.0

Description The issue is related to an integer overflow in oggenc, which can be triggered by a crafted number of channels in a WAV file. This leads to an out-of-bounds memory access, causing a denial of service (crash).

Recommendations For version 1.4.0, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2021-2124

ALT-PU-2023-1433

AZL-6953

AZL-7401

CVE-2014-9639

DLA-1010-1

DLA-317-1

MGASA-2015-0094

OPENSUSE-SU-2024:10259-1

SUSE-SU-2015:1014-1

SUSE-SU-2015:1775-1

Affected Products

Alt Linux

Suse

Vorbis-Tools

PT-2015-4317 · Xiph.Org+2 · Vorbis-Tools+2

CVE-2014-9639

Related Identifiers

Affected Products

References · 33