List:       oss-security
Subject:    [oss-security] CVE request: vorbis-tools: buffer overflow in aiff_open()
From:       "pcheng pcheng" <pcheng () gmx ! com>
Date:       2015-08-29 3:44:07
Message-ID: trinity-116f3199-3a24-4fd2-926b-9e59b39c2a36-1440819846798 () 3capp-mailcom-lxa14

Name : vorbis-tool
Affected Version: <= Revision 19495
URL : https://wiki.xiph.org/Vorbis-tools

Description :
An issue was found in oggenc/audio.c when it tries to open an invalid AIFF file.

274    if(fread(buffer,1,len,in) < len)

The input buffer and length can be controlled by the user indirectly via:

260    if(!find_aiff_chunk(in, "COMM", &len))

More info can be found at :
https://trac.xiph.org/ticket/2212
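
The pattern reported above is a length taken from the file's COMM chunk header and passed to fread(). The following is an added example, not code from the original post or from vorbis-tools, showing that length being range-checked before it sizes a read. The names read_comm_checked and parse_constructed and the COMM_MAX cap are assumptions made for this example; the input files are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMM_MIN 18u   /* fixed COMM fields in plain AIFF */
#define COMM_MAX 512u  /* assumed upper bound chosen for this example */

/* Read a "COMM" chunk (4-byte id, 4-byte big-endian length, body) into
 * out[outcap]. Returns the body length, or -1 when the declared length is
 * out of bounds or the file ends early. */
long read_comm_checked(FILE *in, unsigned char *out, size_t outcap)
{
    unsigned char hdr[8];
    uint32_t len;
    if (fread(hdr, 1, sizeof hdr, in) != sizeof hdr) return -1;
    if (memcmp(hdr, "COMM", 4) != 0) return -1;
    len = ((uint32_t)hdr[4] << 24) | ((uint32_t)hdr[5] << 16) |
          ((uint32_t)hdr[6] << 8) | (uint32_t)hdr[7];
    /* Validate the file-supplied length before it sizes any read. */
    if (len < COMM_MIN || len > COMM_MAX || len > outcap) return -1;
    if (fread(out, 1, len, in) != len) return -1;
    return (long)len;
}

/* Constructed input: a header declaring `declared` bytes followed by
 * `actual` zero bytes of body (at most 64), parsed from a temp file. */
long parse_constructed(uint32_t declared, size_t actual)
{
    unsigned char out[COMM_MAX], body[64] = {0};
    unsigned char hdr[8] = { 'C', 'O', 'M', 'M',
        (unsigned char)(declared >> 24), (unsigned char)(declared >> 16),
        (unsigned char)(declared >> 8), (unsigned char)declared };
    FILE *f = (actual <= sizeof body) ? tmpfile() : NULL;
    long r;
    if (f == NULL) return -2;
    fwrite(hdr, 1, sizeof hdr, f);
    fwrite(body, 1, actual, f);
    rewind(f);
    r = read_comm_checked(f, out, sizeof out);
    fclose(f);
    return r;
}

int main(void)
{
    printf("well-formed: %ld\n", parse_constructed(18, 18));
    printf("oversized length: %ld\n", parse_constructed(0xFFFFFFF0u, 18));
    return 0;
}
```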