Описание
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| vorbis-tools | fixed | 1.4.0-7 | package | |
| vorbis-tools | fixed | 1.4.0-6+deb8u1 | jessie | package |
| opus-tools | fixed | 0.1.10-1 | package |
Примечания
https://trac.xiph.org/ticket/2137
Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
No security impact
proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
EPSS
Связанные уязвимости
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
EPSS