CVE-2015-3026
https://notcve.org/view.php?id=CVE-2015-3026
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163859.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164061.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164074.html
• http://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html
• http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html
• http://www.debian.org/security/2015/dsa-3239
• http://www.openwall.com/lists/oss-security/2015/04/08/11
• http://www.o
CVE-2014-9640
https://notcve.org/view.php?id=CVE-2014-9640
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
• http://advisories.mageia.org/MGASA-2015-0051.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:037
• http://www.openwall.com/lists/oss-security/2015/01/21/6
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• https://trac.xiph.org/changeset/19117
• https://trac.xiph.org/ticket/2009
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9638
https://notcve.org/view.php?id=CVE-2014-9638
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
• http://seclists.org/fulldisclosure/2015/Jan/78
• http://www.openwall.com/lists/oss-security/2015/01/21/5
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• http://www.securityfocus.com/bid/72290
• https://trac.xiph.org/ticket/2137
CVE-2014-9639
https://notcve.org/view.php?id=CVE-2014-9639
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
• http://seclists.org/fulldisclosure/2015/Jan/78
• http://www.openwall.com/lists/oss-security/2015/01/21/5
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• http://www.securityfocus.com/bid/72295
• https://trac.xiph.org/ticket/2136
CVE-2011-4612
https://notcve.org/view.php?id=CVE-2011-4612
Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090695.html
• http://www.icecast.org
• https://bugzilla.redhat.com/show_bug.cgi?id=768176
• CWE-20: Improper Input Validation