Debian Vorbis-Tools vulnerabilities

6 known vulnerabilities affecting debian/vorbis-tools.

Total CVEs

6

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

MEDIUM3LOW3

Vulnerabilities

Page 1 of 1

CVE-2023-43361LOWCVSS 7.8fixed in vorbis-tools 1.4.3-1 (forky)2023

CVE-2023-43361 [HIGH] CVE-2023-43361: vorbis-tools - Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to... Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.4.3-1) sid: resolved (fixed in 1.4.3-1) trixie: resolved (fixed in 1.4.3-1)

CVE-2017-11331LOWCVSS 5.5PoCfixed in vorbis-tools 1.4.3-1 (forky)2017

CVE-2017-11331 [MEDIUM] CVE-2017-11331: vorbis-tools - The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows re... The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.4.3-1) sid: resolved (fixed in 1.4.3-1) trixie: resolved (fixed in 1.4.3-1)

CVE-2015-6749MEDIUMCVSS 4.3fixed in vorbis-tools 1.4.0-7 (bookworm)2015

CVE-2015-6749 [MEDIUM] CVE-2015-6749: vorbis-tools - Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.... Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. Scope: local bookworm: resolved (fixed in 1.4.0-7) bullseye: resolved (fixed in 1.4.0-7) forky: resolved (fixed in 1.4.0-7) sid: resolved (fixed in 1.4.0-7) trixie: resolved (fixed in

CVE-2014-9639MEDIUMCVSS 5.0fixed in opus-tools 0.1.10-1 (bookworm)2014

CVE-2014-9639 [MEDIUM] CVE-2014-9639: opus-tools - Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to caus... Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. Scope: local bookworm: resolved (fixed in 0.1.10-1) bullseye: resolved (fixed in 0.1.10-1) forky: resolved (fixed in 0.1.10-1) sid: resolved (fixed in 0.1.10-1)

CVE-2014-9640MEDIUMCVSS 5.0fixed in vorbis-tools 1.4.0-6 (bookworm)2014

CVE-2014-9640 [MEDIUM] CVE-2014-9640: vorbis-tools - oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial ... oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. Scope: local bookworm: resolved (fixed in 1.4.0-6) bullseye: resolved (fixed in 1.4.0-6) forky: resolved (fixed in 1.4.0-6) sid: resolved (fixed in 1.4.0-6) trixie: resolved (fixed in 1.4.0-6)

CVE-2014-9638LOWCVSS 5.0fixed in opus-tools 0.1.10-1 (bookworm)2014

CVE-2014-9638 [MEDIUM] CVE-2014-9638: opus-tools - oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of servic... oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. Scope: local bookworm: resolved (fixed in 0.1.10-1) bullseye: resolved (fixed in 0.1.10-1) forky: resolved (fixed in 0.1.10-1) sid: resolved (fixed in 0.1.10-1) trixie: resolved (fixed in 0.1.10