
List:       oss-security
Subject:    [oss-security] Re: CVE request: vorbis-tools: buffer overflow in aiff_open()
From:       cve-assign () mitre ! org
Date:       2015-08-30 12:58:54
Message-ID: 20150830125854.D2A876C0065 () smtpvmsrv1 ! mitre ! org

> Affected Version: <= Revision 19495
> I was testing with vorbis-tools-1.4.0
> https://wiki.xiph.org/Vorbis-tools

> An issue was found in oggenc/audio.c when it tries to open an invalid AIFF file.
> 
> 274    if(fread(buffer,1,len,in) < len)
> 
> The input buffer and length can be controlled by the user indirectly via:
> 
> 260    if(!find_aiff_chunk(in, "COMM", &len))

> oggenc aiff_open buffer overflow
> https://trac.xiph.org/ticket/2212

Use CVE-2015-6749.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
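
Added example, not part of the original message and not vorbis-tools code: a bounds-checked read of a COMM chunk whose length comes from the file, the check that the quoted fread(buffer,1,len,in) lacks. The 22-byte buffer size, the find_chunk() stand-in for find_aiff_chunk(), and the check_sample() helper with its constructed one-chunk files are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMM_BUF 22 /* assumed size of the fixed stack buffer (not stated in the message) */
#define COMM_MIN 18 /* standard AIFF COMM payload: 2 + 4 + 2 + 10 bytes */

/* Hypothetical stand-in for find_aiff_chunk(): returns the chunk's declared big-endian length. */
static int find_chunk(FILE *in, const char *id, uint32_t *len)
{
    unsigned char h[8];
    while (fread(h, 1, 8, in) == 8) {
        *len = (uint32_t)h[4] << 24 | (uint32_t)h[5] << 16 | (uint32_t)h[6] << 8 | h[7];
        if (memcmp(h, id, 4) == 0) return 1;
        /* skip the payload and pad byte of any other chunk */
        if (fseek(in, (long)*len + (long)(*len & 1), SEEK_CUR) != 0) return 0;
    }
    return 0;
}

/* 0 = ok, -1 = chunk missing or truncated, -2 = declared length rejected. */
static int read_comm_checked(FILE *in, unsigned char *buffer)
{
    uint32_t len;
    if (!find_chunk(in, "COMM", &len)) return -1;
    /* len is file-controlled: bound it by the destination before reading */
    if (len < COMM_MIN || len > COMM_BUF) return -2;
    return fread(buffer, 1, len, in) < len ? -1 : 0;
}

/* Builds a constructed one-chunk file and runs the checked reader on it. */
static int check_sample(uint32_t declared, size_t payload_bytes)
{
    unsigned char h[8] = { 'C', 'O', 'M', 'M', (unsigned char)(declared >> 24),
        (unsigned char)(declared >> 16), (unsigned char)(declared >> 8), (unsigned char)declared };
    unsigned char payload[64] = { 0 }, buffer[COMM_BUF];
    FILE *f = tmpfile();
    int rc;
    if (!f) return -100; /* could not create the temporary sample file */
    fwrite(h, 1, 8, f);
    fwrite(payload, 1, payload_bytes, f);
    rewind(f);
    rc = read_comm_checked(f, buffer);
    fclose(f);
    return rc;
}

int main(void)
{
    printf("%d %d %d\n", check_sample(18, 18), check_sample(4096, 64), check_sample(18, 10));
}
```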