2015-09-21
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
Products | Vorbis-Tools |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch | - None (likely due to unavailable code) |
Links |
• https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.html
• http://seclists.org/oss-sec/2015/q3/455
• https://bugzilla.redhat.com/show_bug.cgi?id=1258443 |