CVE-2015-6749 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Vorbis-tools

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xiph Vorbis-tools Debian Vorbis-tools Msrc CBL Mariner 2.0 ARM +1 more

Timeline

PublishedSep 21

Latest updateMay 17

Description

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/vorbis-tools< vorbis-tools 1.4.0-7 (bookworm)

▶Debianxiph/vorbis-tools< 1.4.0-7+3

▶NVDxiph/vorbis-tools1.4.0

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

🔴Vulnerability Details

GHSA

GHSA-8v83-gwwh-26pr: Buffer overflow in the aiff_open function in oggenc/audio↗2022-05-17

▶

OSV

CVE-2015-6749: Buffer overflow in the aiff_open function in oggenc/audio↗2015-09-21

▶

📋Vendor Advisories

Microsoft

CVE-2015-6749: NIST NVD Details: https://nvd↗2021-12-14

▶

Red Hat

vorbis-tools: invalid AIFF file causes alloca() buffer overflow↗2015-08-30

▶

Debian

CVE-2015-6749: vorbis-tools - Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4....↗2015

▶

💬Community

Bugzilla

CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow [fedora-all]↗2015-08-31

▶

Bugzilla

CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow↗2015-08-31

▶