Unrated severityNVD Advisory· Published Jan 23, 2015· Updated Jun 17, 2026
CVE-2014-9638
CVE-2014-9638
Description
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:xiph:vorbis-tools:1.4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:xiph:vorbis-tools:1.4.0:*:*:*:*:*:*:*
- (no CPE)range: 1.4.0
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- osv-coords6 versionspkg:rpm/opensuse/vorbis-tools&distro=openSUSE%20Tumbleweedpkg:rpm/suse/vorbis-tools&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/vorbis-tools&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/vorbis-tools&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/vorbis-tools&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/vorbis-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
< 1.4.0-22.6+ 5 more
- (no CPE)range: < 1.4.0-22.6
- (no CPE)range: < 1.1.1-174.1
- (no CPE)range: < 1.1.1-174.1
- (no CPE)range: < 1.4.0-23.1
- (no CPE)range: < 1.4.0-23.1
- (no CPE)range: < 1.4.0-23.1
Patches
Vulnerability mechanics
References
8- trac.xiph.org/ticket/2137nvdExploit
- lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-03/msg00054.htmlnvd
- seclists.org/fulldisclosure/2015/Jan/78nvd
- www.openwall.com/lists/oss-security/2015/01/21/5nvd
- www.openwall.com/lists/oss-security/2015/01/22/9nvd
- www.securityfocus.com/bid/72290nvd
News mentions
0No linked articles in our index yet.