Denial of Service Vulnerability in Vorbis-tools by Xiph.org
CVE-2014-9638

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Fedora; Opensuse
Vendor: CVE Published:; 23 January 2015

Summary

A vulnerability exists in vorbis-tools version 1.4.0 that allows remote attackers to trigger a denial of service by exploiting a divide-by-zero error. This can occur when processing a WAV file with an invalid number of channels set to zero, which results in a crash of the oggenc component. Proper validation of input parameters is crucial to prevent such exploits.

References

https://trac.xiph.org/ticket/2137

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2015/01/21/5

mailing-listx_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Jan 23, 2015
Vulnerability Reserved
Jan 22, 2015