ID CVE-2014-9639
Summary Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
References
Vulnerable Configurations
  • xiph Vorbis-tools 1.4.0
    cpe:2.3:a:xiph:vorbis-tools:1.4.0
  • Fedora 20
    cpe:2.3:o:fedoraproject:fedora:20
  • Fedora 21
    cpe:2.3:o:fedoraproject:fedora:21
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 5.0 (as of 10-09-2015 - 08:59)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1014-1.NASL
    description Vorbis tools was updated to fix division by zero and integer overflows by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441), that would allow attackers to crash the vorbis tools processes. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84080
    published 2015-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84080
    title SUSE SLED12 / SLES12 Security Update : vorbis-tools (SUSE-SU-2015:1014-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1775-1.NASL
    description vorbis-tools was updated to fix several security issues. - A buffer overflow in aiff_open() that could be triggered by opening prepared malicious files (CVE-2015-6749, bsc#943795). - A division by zero and integer overflow by crafted WAV files was fixed (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86464
    published 2015-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86464
    title SUSE SLED11 Security Update : vorbis-tools (SUSE-SU-2015:1775-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A35F415D572A11E5B0A4F8B156B6DCC8.NASL
    description Paris Zoumpouloglou reports : I discovered an integer overflow issue in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash. Paris Zoumpouloglou reports : A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue. pengsu reports : I discovered an buffer overflow issue in oggenc/audio.c when it tries to open invalid aiff file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85893
    published 2015-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85893
    title FreeBSD : vorbis-tools, opus-tools -- multiple vulnerabilities (a35f415d-572a-11e5-b0a4-f8b156b6dcc8)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-239.NASL
    description vorbis-tools was updated to fix division by zero and integer overflow by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441).
    last seen 2019-02-21
    modified 2015-03-20
    plugin id 81945
    published 2015-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81945
    title openSUSE Security Update : vorbis-tools (openSUSE-2015-239)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-2335.NASL
    description - validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 81586
    published 2015-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81586
    title Fedora 21 : vorbis-tools-1.4.0-19.fc21 (2015-2335)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-2330.NASL
    description - validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 81585
    published 2015-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81585
    title Fedora 20 : vorbis-tools-1.4.0-14.fc20 (2015-2330)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1010.NASL
    description vorbis-tools is vulnerable to multiple issues that can result in denial of service. CVE-2014-9638 Divide by zero error in oggenc with a WAV file whose number of channels is set to zero. CVE-2014-9639 Integer overflow in oggenc via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. CVE-2014-9640 Out-of bounds read in oggenc via a crafted raw file. CVE-2015-6749 Buffer overflow in the aiff_open function in oggenc/audio.c via a crafted AIFF file. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.0-1+deb7u1. We recommend that you upgrade your vorbis-tools packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 101209
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101209
    title Debian DLA-1010-1 : vorbis-tools security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-317.NASL
    description Various issues have been fixed in Debian LTS (squeeze) for package vorbis-tools. CVE-2014-9638 A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue. This issue has been fixed upstream by providing a fix for CVE-2014-9639. Reported upstream by 'zuBux'. CVE-2014-9639 An integer overflow issue was discovered in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash here (audio.c). Reported upstream by 'zuBux'. The upstream fix for this has been backported to vorbis-tools in Debian LTS (squeeze). CVE-2014-9640 Fix for a crash on closing raw input (dd if=/dev/zero bs=1 count=1 | oggenc -r - -o out.ogg). Reported upstream by 'hanno'. The upstream fix for this has been backported to vorbis-tools in Debian LTS (squeeze). CVE-2015-6749 Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allowed remote attackers to cause a denial of service (crash) via a crafted AIFF file. Reported upstream by 'pengsu'. The upstream fix for this has been backported to vorbis-tools in Debian LTS (squeeze). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 86196
    published 2015-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86196
    title Debian DLA-317-1 : vorbis-tools security update
refmap via4
bid 72295
fedora
  • FEDORA-2015-2330
  • FEDORA-2015-2335
fulldisc 20150119 vorbis-tools issues
misc https://trac.xiph.org/ticket/2136
mlist
  • [oss-security] 20150121 CVE request: two issues in vorbis-tools
  • [oss-security] 20150122 Re: CVE request: two issues in vorbis-tools
suse openSUSE-SU-2015:0522
Last major update 10-09-2015 - 11:59
Published 23-01-2015 - 10:59
Last modified 30-10-2018 - 12:27
Back to Top