Denial of Service Vulnerability in Vorbis-tools by Xiph.org
CVE-2014-9638

Currently unrated

Key Information:

Vendor

Fedoraproject

Status
Fedora
Opensuse
Vendor
CVE Published:
23 January 2015

What is CVE-2014-9638?

A vulnerability exists in vorbis-tools version 1.4.0 that allows remote attackers to trigger a denial of service by exploiting a divide-by-zero error. This can occur when processing a WAV file with an invalid number of channels set to zero, which results in a crash of the oggenc component. Proper validation of input parameters is crucial to prevent such exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://trac.xiph.org/ticket/2137
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/01/21/5
mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.