CVE Vulnerabilities

CVE-2014-9639

Published: Jan 23, 2015 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
LOW

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Affected Software

Name Vendor Start Version End Version
Vorbis-tools Xiph 1.4.0 (including) 1.4.0 (including)
Vorbis-tools Ubuntu lucid *
Vorbis-tools Ubuntu precise *
Vorbis-tools Ubuntu trusty *
Vorbis-tools Ubuntu upstream *
Vorbis-tools Ubuntu utopic *
Vorbis-tools Ubuntu vivid *
Vorbis-tools Ubuntu wily *

References