CVE-2023-43361 – vorbis-tools: Buffer Overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
A buffer overflow vulnerability was found in vorbis-tools. This flaw allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to OGG files.
• https://github.com/xiph/vorbis
• https://github.com/xiph/vorbis-tools
• https://github.com/xiph/vorbis-tools/issues/41
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN
• https://xiph.org/vorbis
• https://access.redhat.com/security/cve/CVE-2023-43361
• https://bugzilla.redhat.com/show_bug.cgi?id=2242151
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write
CVE-2017-11331 – Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service
https://notcve.org/view.php?id=CVE-2017-11331
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
• https://www.exploit-db.com/exploits/42397
• http://seclists.org/fulldisclosure/2017/Jul/80
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6749
https://notcve.org/view.php?id=CVE-2015-6749
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.html
• http://lists.opensuse.org/opensuse-updates/2015-10/msg00013.html
• http://seclists.org/oss-sec/2015/q3/455
• http://seclists.org/oss-sec/2015/q3/457
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797461
• https://bugzilla.redhat.com/show_bug.cgi?id=1258424
• https://bugzilla.redhat.com/show_bug.cgi?id=1258443
• https:/&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9640
https://notcve.org/view.php?id=CVE-2014-9640
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
• http://advisories.mageia.org/MGASA-2015-0051.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:037
• http://www.openwall.com/lists/oss-security/2015/01/21/6
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• https://trac.xiph.org/changeset/19117
• https://trac.xiph.org/ticket/2009
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9638
https://notcve.org/view.php?id=CVE-2014-9638
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
• http://seclists.org/fulldisclosure/2015/Jan/78
• http://www.openwall.com/lists/oss-security/2015/01/21/5
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• http://www.securityfocus.com/bid/72290
• https://trac.xiph.org/ticket/2137