FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vorbis-tools, opus-tools -- multiple vulnerabilities

Affected packages
vorbis-tools < 1.4.0_10,3
opus-tools < 0.1.9_2

Details

VuXML ID a35f415d-572a-11e5-b0a4-f8b156b6dcc8
Discovery 2015-08-08
Entry 2015-09-09
Modified 2015-09-09

Paris Zoumpouloglou reports:

I discovered an integer overflow issue in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash.

Paris Zoumpouloglou reports:

A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue.

pengsu reports:

I discovered a buffer overflow issue in oggenc/audio.c when it tries to open an invalid AIFF file.

References

CVE Name CVE-2014-9638
CVE Name CVE-2014-9639
CVE Name CVE-2015-6749
FreeBSD PR ports/202941
URL https://trac.xiph.org/ticket/2136
URL https://trac.xiph.org/ticket/2137
URL https://trac.xiph.org/ticket/2212