Debian LTS: DLA-1011-1 Critical: libpng Buffer Overflow Vulnerability
debian lts
July 3, 2017
vorbis-tools is vulnerable to multiple issues that can result in denial of service
Topics Covered
Summary
Divide by zero error in oggenc with a WAV file whose number of
channels is set to zero.
CVE-2014-9639
Integer overflow in oggenc via a crafted number of channels in a WAV
file, which triggers an out-of-bounds memory access.
CVE-2014-9640
Out-of bounds read in oggenc via a crafted raw file.
CVE-2015-6749
Buffer overflow in the aiff_open function in oggenc/audio.c
via a crafted AIFF file.
For Debian 7 "Wheezy", these problems have been fixed in version
1.4.0-1+deb7u1.
We recommend that you upgrade your vorbis-tools packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/lts/debian/
Learn to master Debian: https://debian-handbook.info/get/
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: vorbis-tools
Version: 1.4.0-1+deb7u1
CVE ID: CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749
Debian Bug: 797461 776086 771363
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!