rpm package
opensuse/vorbis-tools&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/vorbis-tools&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34253 | Hig | 8.2 | < 1.4.3-2.1 | 1.4.3-2.1 | May 15, 2026 | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow | |
| CVE-2023-43361 | — | < 1.4.2-2.1 | 1.4.2-2.1 | Oct 2, 2023 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | ||
| CVE-2015-6749 | — | < 1.4.0-22.6 | 1.4.0-22.6 | Sep 21, 2015 | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. | ||
| CVE-2014-9640 | — | < 1.4.0-22.6 | 1.4.0-22.6 | Jan 23, 2015 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | ||
| CVE-2014-9639 | — | < 1.4.0-22.6 | 1.4.0-22.6 | Jan 23, 2015 | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | ||
| CVE-2014-9638 | — | < 1.4.0-22.6 | 1.4.0-22.6 | Jan 23, 2015 | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | ||
| CVE-2008-1686 | — | < 1.4.2-1.6 | 1.4.2-1.6 | Apr 8, 2008 | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a hea |
- affected < 1.4.3-2.1fixed 1.4.3-2.1
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow
- CVE-2023-43361Oct 2, 2023affected < 1.4.2-2.1fixed 1.4.2-2.1
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
- CVE-2015-6749Sep 21, 2015affected < 1.4.0-22.6fixed 1.4.0-22.6
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
- CVE-2014-9640Jan 23, 2015affected < 1.4.0-22.6fixed 1.4.0-22.6
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
- CVE-2014-9639Jan 23, 2015affected < 1.4.0-22.6fixed 1.4.0-22.6
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
- CVE-2014-9638Jan 23, 2015affected < 1.4.0-22.6fixed 1.4.0-22.6
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
- CVE-2008-1686Apr 8, 2008affected < 1.4.2-1.6fixed 1.4.2-1.6
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a hea