CVE-2014-9640Improper Restriction of Operations within the Bounds of a Memory Buffer in Vorbis-tools

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Xiph Vorbis-toolsDebian Vorbis-toolsOpensuse
Timeline
PublishedJan 23
Latest updateMay 14

Description

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

debiandebian/vorbis-tools< vorbis-tools 1.4.0-6 (bookworm)
Debianxiph/vorbis-tools< 1.4.0-6+3
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

2
GHSA
GHSA-24hp-h6f6-wg59: oggenc/oggenc2022-05-14
OSV
CVE-2014-9640: oggenc/oggenc2015-01-23

📋Vendor Advisories

2
Red Hat
vorbis-tools: segfault when trying to encode trivial raw input2014-06-20
Debian
CVE-2014-9640: vorbis-tools - oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...2014

💬Community

2
Bugzilla
CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 vorbis-tools: various flaws [fedora-all]2015-01-23
Bugzilla
CVE-2014-9640 vorbis-tools: segfault when trying to encode trivial raw input2015-01-23