
Fedora 22 Security Update: Critical Oggenc Buffer Overflow CVE-2015-14663

September 16, 2015
Crucial Fedora 22 vorbis-tools patch tackles buffer overflow vulnerability linked to malformed AIFF files. Full information below.

Summary

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel.

The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor.

Update Information:

- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
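
The advisory does not show the patched code. The following added example (not vorbis-tools code and not the actual patch) illustrates the bug class it names: a chunk length read from an AIFF file must be bounded before it sizes a stack buffer. The `COMM_MAX` bound, the function names and both sample chunks are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COMM_MIN 18u  /* AIFF COMM body: channels, frames, bits, 80-bit rate */
#define COMM_MAX 64u  /* assumed upper bound chosen for this example */

struct comm_info { uint16_t channels; uint32_t frames; uint16_t bits; };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 on a malformed or truncated chunk.
 * The risky pattern is `buf = alloca(len)` with len taken straight from
 * the file: a huge len pushes the stack pointer outside the stack. */
int parse_comm(const unsigned char *chunk, size_t avail, struct comm_info *out)
{
    unsigned char body[COMM_MAX];          /* fixed-size buffer, no alloca */
    uint32_t len;

    if (avail < 8 || memcmp(chunk, "COMM", 4) != 0)
        return -1;
    len = be32(chunk + 4);                 /* length field controlled by the file */
    if (len < COMM_MIN || len > COMM_MAX)  /* bound it before any copy */
        return -1;
    if (len > avail - 8)                   /* declared length must fit the data */
        return -1;
    memcpy(body, chunk + 8, len);
    out->channels = be16(body);
    out->frames   = be32(body + 2);
    out->bits     = be16(body + 6);
    return 0;
}

/* Constructed sample: well-formed COMM chunk (2 ch, 1000 frames, 16 bit). */
static const unsigned char good_comm[26] = {
    'C','O','M','M', 0,0,0,18,  0,2,  0,0,0x03,0xE8,  0,16,
    0x40,0x0E,0xAC,0x44,0,0,0,0,0,0 };
/* Constructed sample: same body, declared length 0x7FFFFFF0. */
static const unsigned char bad_comm[26] = {
    'C','O','M','M', 0x7F,0xFF,0xFF,0xF0,  0,2,  0,0,0x03,0xE8,  0,16,
    0x40,0x0E,0xAC,0x44,0,0,0,0,0,0 };

int main(void) {
    struct comm_info ci;
    return !(parse_comm(good_comm, sizeof good_comm, &ci) == 0 &&
             parse_comm(bad_comm, sizeof bad_comm, &ci) == -1);
}
```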

Change Log

References


[ 1 ] Bug #1258424 - vorbis-tools: Buffer overflow in aiff_open function
https://bugzilla.redhat.com/show_bug.cgi?id=1258424

[ 2 ] Bug #1258443 - CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1258443

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update vorbis-tools' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: vorbis-tools
Product: Fedora 22
Version: 1.4.0
Release: 20.fc22
Summary: The Vorbis General Audio Compression Codec tools
