Описание
Security update for vorbis-tools
vorbis-tools was updated to fix several security issues.
-
A buffer overflow in aiff_open() that could be triggered by opening prepared malicious files (CVE-2015-6749, bsc#943795).
-
A division by zero and integer overflow by crafted WAV files was fixed (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
Ссылки
- Link for SUSE-SU-2015:1775-1
- E-Mail link for SUSE-SU-2015:1775-1
- SUSE Security Ratings
- SUSE Bug 914439
- SUSE Bug 914441
- SUSE Bug 943795
- SUSE CVE CVE-2014-9638 page
- SUSE CVE CVE-2014-9639 page
- SUSE CVE CVE-2015-6749 page
Описание
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
Затронутые продукты
Ссылки
- CVE-2014-9638
- SUSE Bug 914439
- SUSE Bug 914441
Описание
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Затронутые продукты
Ссылки
- CVE-2014-9639
- SUSE Bug 1081744
- SUSE Bug 914439
- SUSE Bug 914441
Описание
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
Затронутые продукты
Ссылки
- CVE-2015-6749
- SUSE Bug 943795