oss-sec mailing list archives

CVE request: vorbis-tools: buffer overflow in aiff_open()


From: "pcheng pcheng" <pcheng () gmx com>
Date: Sat, 29 Aug 2015 05:44:07 +0200

Name : vorbis-tools
Affected Version: <= Revision 19495
URL : https://wiki.xiph.org/Vorbis-tools

Description :
An issue was found in oggenc/audio.c when it tries to open an invalid AIFF file.

274    if(fread(buffer,1,len,in) < len)

The input buffer and length can be controlled by the user indirectly via:

260    if(!find_aiff_chunk(in, "COMM", &len))

More info can be found at :
https://trac.xiph.org/ticket/2212
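
Added example, not part of the original post and not vorbis-tools code: a reader for the COMM chunk that bounds the file-supplied length before the fread() the report points at. The function names, the 64-byte cap and the constructed sample files are assumptions; the 8-byte chunk header (4-byte ID, 4-byte big-endian length) and the 18-byte COMM minimum are from the AIFF format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMM_MIN 18 /* channels(2) + frames(4) + bits(2) + 80-bit rate(10) */
#define COMM_MAX 64 /* assumed cap for this example, not a project value */

/* Walk chunks until `id` is found; *len receives the declared, untrusted length. */
static int find_chunk(FILE *in, const char *id, uint32_t *len)
{
    unsigned char h[8];
    while (fread(h, 1, 8, in) == 8) {
        *len = ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) |
               ((uint32_t)h[6] << 8) | h[7];
        if (memcmp(h, id, 4) == 0) return 1;
        /* Skip the body (padded to even); refuse lengths fseek cannot express. */
        if (*len > 0x7FFFFFFEu || fseek(in, (long)(*len + (*len & 1)), SEEK_CUR) != 0)
            return 0;
    }
    return 0;
}

/* Returns bytes copied into out, or -1 if the chunk is missing, shorter than
   a valid COMM, larger than the caller's buffer, or truncated in the file. */
int read_comm(FILE *in, unsigned char *out, size_t cap)
{
    uint32_t len;
    if (!find_chunk(in, "COMM", &len)) return -1;
    if (len < COMM_MIN || len > cap) return -1; /* bound BEFORE reading */
    if (fread(out, 1, len, in) < len) return -1;
    return (int)len;
}

/* Constructed sample: a COMM chunk declaring `claimed` bytes, carrying `actual`. */
int demo(uint32_t claimed, size_t actual)
{
    unsigned char buf[COMM_MAX], body[128] = {0};
    unsigned char hdr[8] = {'C', 'O', 'M', 'M', (unsigned char)(claimed >> 24),
        (unsigned char)(claimed >> 16), (unsigned char)(claimed >> 8), (unsigned char)claimed};
    FILE *f;
    int r;
    if (actual > sizeof body || !(f = tmpfile())) return -2;
    fwrite(hdr, 1, 8, f);
    fwrite(body, 1, actual, f);
    rewind(f);
    r = read_comm(f, buf, sizeof buf);
    fclose(f);
    return r;
}

int main(void) { printf("%d %d\n", demo(18, 18), demo(0xFFFFFFF0u, 18)); return 0; }
```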

