ArchLinux: 201510-22: vorbis-tools: denial of service
Summary
Buffer overflow in the aiff_open function in oggenc/audio.c allows local attackers to cause a denial of service (crash) via a crafted AIFF file.
Resolution
Upgrade to 1.4.0-6.
# pacman -Syu "vorbis-tools>=1.4.0-6"
The problems have been fixed upstream but no release is available yet.
References
https://access.redhat.com/security/cve/CVE-2015-6749 https://bugs.archlinux.org/task/46269
Workaround
None.