Unrated severityNVD Advisory· Published Sep 21, 2015· Updated May 6, 2026

CVE-2015-6749

Description

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.

Affected products

Xiph/Vorbis Tools
cpe:2.3:a:xiph:vorbis-tools:*:*:*:*:*:*:*:*
Range: <=1.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

trac.xiph.org/ticket/2212nvdExploit
lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.htmlnvd
lists.opensuse.org/opensuse-updates/2015-10/msg00013.htmlnvd
seclists.org/oss-sec/2015/q3/455nvd
seclists.org/oss-sec/2015/q3/457nvd
bugs.debian.org/cgi-bin/bugreport.cginvd
bugzilla.redhat.com/show_bug.cginvd
bugzilla.redhat.com/show_bug.cginvd
trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patchnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000