FS#44172 - [vorbis-tools][CVE-2014-9638][CVE-2014-9639][CVE-2014-9640] Denial of Service
Attached to Project:
Arch Linux
Opened by Christian Rebischke (Shibumi) - Friday, 13 March 2015, 15:13 GMT
Last edited by Eric Belanger (Snowman) - Wednesday, 25 March 2015, 00:28 GMT
Details
Summary
=======

CVE-2014-9638
-------------
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
-------------
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
-------------
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

References
==========
http://www.openwall.com/lists/oss-security/2015/01/22/9
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9638
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9639
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9640
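A defensive check for the two WAV-header bug classes described above (a zero channel count used as a divisor, and a channel count multiplied into a size without an overflow check), given here as an added example: it is not the vorbis-tools patch, and every function and type name in it is hypothetical. It assumes a 16-byte PCM `fmt ` chunk body and, for the size calculation, buffers of float samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; added example, not oggenc's code. */
enum fmt_status { FMT_OK, FMT_SHORT, FMT_ZERO_CHANNELS, FMT_BAD_BITS,
                  FMT_BAD_ALIGN, FMT_OVERFLOW };
struct wav_fmt { uint16_t channels, block_align, bits; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the 16-byte PCM "fmt " chunk body and reject values that would
 * later act as a zero divisor or an inconsistent frame size. */
enum fmt_status parse_fmt(const uint8_t *buf, size_t len, struct wav_fmt *out)
{
    if (len < 16) return FMT_SHORT;
    out->channels    = le16(buf + 2);
    out->block_align = le16(buf + 12);
    out->bits        = le16(buf + 14);
    if (out->channels == 0) return FMT_ZERO_CHANNELS;
    if (out->bits == 0 || out->bits % 8 != 0 || out->bits > 32) return FMT_BAD_BITS;
    /* At most 65535 * 4, so this 32-bit product cannot wrap. */
    uint32_t frame = (uint32_t)out->channels * (out->bits / 8u);
    if (frame != out->block_align) return FMT_BAD_ALIGN;
    return FMT_OK;
}

/* Bytes needed to hold `frames` sample frames as floats (assumed buffer
 * layout), with each multiplication checked before it is performed. */
enum fmt_status buffer_bytes(const struct wav_fmt *f, size_t frames, size_t *out)
{
    if (f->channels == 0) return FMT_ZERO_CHANNELS;
    if (frames > SIZE_MAX / f->channels) return FMT_OVERFLOW;
    size_t n = frames * f->channels;
    if (n > SIZE_MAX / sizeof(float)) return FMT_OVERFLOW;
    *out = n * sizeof(float);
    return FMT_OK;
}

int main(void)
{
    /* Constructed fmt chunk: PCM, 0 channels, 44100 Hz, 16-bit. */
    const uint8_t zero_ch[16] = {1,0, 0,0, 0x44,0xAC,0,0, 0,0,0,0, 0,0, 16,0};
    struct wav_fmt f;
    printf("status=%d\n", parse_fmt(zero_ch, sizeof zero_ch, &f));
    return 0;
}
```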
Closed by Eric Belanger (Snowman)
Wednesday, 25 March 2015, 00:28 GMT
Reason for closing: Fixed
Additional comments about closing: vorbis-tools-1.4.0-5