CVE-2014-9639 | Vulnerability Database | Aqua Security

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Affected Software

Name	Vendor	Start Version	End Version
Vorbis-tools	Xiph	1.4.0 (including)	1.4.0 (including)
Vorbis-tools	Ubuntu	lucid	*
Vorbis-tools	Ubuntu	precise	*
Vorbis-tools	Ubuntu	trusty	*
Vorbis-tools	Ubuntu	upstream	*
Vorbis-tools	Ubuntu	utopic	*
Vorbis-tools	Ubuntu	vivid	*
Vorbis-tools	Ubuntu	wily	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
http://seclists.org/fulldisclosure/2015/Jan/78
http://www.openwall.com/lists/oss-security/2015/01/21/5
http://www.openwall.com/lists/oss-security/2015/01/22/9
http://www.securityfocus.com/bid/72295
https://trac.xiph.org/ticket/2136
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
http://seclists.org/fulldisclosure/2015/Jan/78
http://www.openwall.com/lists/oss-security/2015/01/21/5
http://www.openwall.com/lists/oss-security/2015/01/22/9
http://www.securityfocus.com/bid/72295
https://trac.xiph.org/ticket/2136

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-9639
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html