oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: vorbis-tools: buffer overflow in aiff_open()

From: cve-assign () mitre org
Date: Sun, 30 Aug 2015 08:58:54 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Affected Version: <= Revision 19495
I was testing with vorbis-tools-1.4.0
https://wiki.xiph.org/Vorbis-tools



An issue was found in oggenc/audio.c when it tries to open invalid AIFF file.

274    if(fread(buffer,1,len,in) < len)
The input buffer and length can be controlled by user indirectly via:

260    if(!find_aiff_chunk(in, "COMM", &len))



oggenc aiff_open buffer overflow
https://trac.xiph.org/ticket/2212


Use CVE-2015-6749.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV4v0DAAoJEL54rhJi8gl5ITkQALDXlsXi993gR0THhgevCT7K
SS9FX+eZBGyO3u/6X+XztB+kyQOKpRAKxW1t9zKsOuB96RU6zdD4F1mSUd0Ex8GC
10BjDCHuRnmzTOaKLrVWcMKGneXBnQkGklDzKk0nd3VRUyQ0Nso9WPqrblq9qocu
RLZUWlgE8W6ObwrFAFxu9aNMEWJZqoi0hIsQg7mdYbQNnE30PHw9raifIPIMze2V
Kd61d6F2RxSr61DJ5A21EDHTyEKUdhQE8VRWMx+UegzFzVjIc1yK8eHRz2SgJkag
YtP2Cx9STH/sd/6ygswu36iGop1Y6ECRM0N7GzNkpqMaHa1Og202e30NR+P8dcgg
u5DoXNS1+Q7bn3xc9C1807O5+QkUsnCtXbT37XTAkTI9EzRoNpEaOzyptKXc5dGp
Id9hOuJHRfYZGliPlCrAzmoS3Tyb77JWePpDoVoB96zRUMVhPZZ+1Vble54aFM33
cvALFULGBJC9B+a8zZwaH/ppls8nsmbntStvx1CfF3SgYlG8QqlcZEYKvGXOUXaP
nTkHD/J8Bf4QRdMjQbSQDCFpjWoLXkwd8MkJHWxE65NKBqm4Wq5yQSlHSPF7QnYH
Mvhj1DhISRceHZ29gfIykAP1Q2o3ScctN3XN+NPk0x+iMomDQNoUQ72TDasLX5sG
UvkC0Up58HST8GoUqQw7
=ZACh
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: