oss-sec mailing list archives
Re: CVE request: two issues in vorbis-tools
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 21 Jan 2015 14:01:16 +0100
On Wed, 21 Jan 2015 13:50:46 +0100 Martin Prpic <mprpic () redhat com> wrote:
Two issues were reported in vorbis-tools on Full Disclosure: http://seclists.org/fulldisclosure/2015/Jan/78
In addition to that: I reported this issue https://trac.xiph.org/ticket/2009 a while back which also crashes oggenc. I didn't think about security implications back then, but it's also an out of bounds read issue. After bugging the devs on irc it got fixed in the code but never saw a release. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE request: two issues in vorbis-tools Martin Prpic (Jan 21)
- Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 21)
- Re: CVE request: two issues in vorbis-tools cve-assign (Jan 22)
- Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 23)
- Re: CVE request: two issues in vorbis-tools Paris Z (Jan 23)
- Re: CVE request: two issues in vorbis-tools cve-assign (Jan 22)
- Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 21)