Описание
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| vorbis-tools | fixed | 1.4.0-7 | package | |
| vorbis-tools | fixed | 1.4.0-6+deb8u1 | jessie | package |
| vorbis-tools | no-dsa | squeeze | package | |
| opus-tools | fixed | 0.1.10-1 | package | |
| opus-tools | no-dsa | jessie | package | |
| opus-tools | no-dsa | wheezy | package |
Примечания
https://trac.xiph.org/ticket/2136
Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
EPSS
Связанные уязвимости
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
EPSS