Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9639

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-9639
Last Modified 10 Sep 2015 11:59:54
Published 23 Jan 2015 10:59:09
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9639

Summary

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 20

  • Fedoraproject Fedora 21

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Xiph Vorbis-tools 1.4.0


References

MISC - https://trac.xiph.org/ticket/2136

MLIST - [oss-security] 20150122 Re: CVE request: two issues in vorbis-tools

MLIST - [oss-security] 20150121 CVE request: two issues in vorbis-tools

FULLDISC - 20150119 vorbis-tools issues

BID - 72295

FEDORA - FEDORA-2015-2330

FEDORA - FEDORA-2015-2335

SUSE - openSUSE-SU-2015:0522


Last Updated: 27 May 2016 11:09:49