Debian Security Advisory

DLA-317-1 vorbis-tools -- LTS security update

Date Reported:
29 Sep 2015
Affected Packages:
vorbis-tools
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-9638, CVE-2014-9639, CVE-2014-9640, CVE-2015-6749.
More information:

Various issues have been fixed in Debian LTS (squeeze) for package vorbis-tools.

  • CVE-2014-9638

    A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue. This issue has been fixed upstream by providing a fix for CVE-2014-9639. Reported upstream by zuBux.

  • CVE-2014-9639

    An integer overflow issue was discovered in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash here (audio.c). Reported upstream by zuBux.

    The upstream fix for this has been backported to vorbis-tools in Debian LTS (squeeze).

  • CVE-2014-9640

    Fix for a crash on closing raw input (dd if=/dev/zero bs=1 count=1 | oggenc -r - -o out.ogg). Reported upstream by hanno.

    The upstream fix for this has been backported to vorbis-tools in Debian LTS (squeeze).

  • CVE-2015-6749

    Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allowed remote attackers to cause a denial of service (crash) via a crafted AIFF file. Reported upstream by pengsu.

    The upstream fix for this has been backported to vorbis-tools in Debian LTS (squeeze).