VYPR

rpm package

opensuse/vorbis-tools&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/vorbis-tools&distro=openSUSE%20Tumbleweed

Vulnerabilities (7)

  • CVE-2026-34253HigMay 15, 2026
    affected < 1.4.3-2.1fixed 1.4.3-2.1

    A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow

  • CVE-2023-43361Oct 2, 2023
    affected < 1.4.2-2.1fixed 1.4.2-2.1

    Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

  • CVE-2015-6749Sep 21, 2015
    affected < 1.4.0-22.6fixed 1.4.0-22.6

    Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.

  • CVE-2014-9640Jan 23, 2015
    affected < 1.4.0-22.6fixed 1.4.0-22.6

    oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

  • CVE-2014-9639Jan 23, 2015
    affected < 1.4.0-22.6fixed 1.4.0-22.6

    Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

  • CVE-2014-9638Jan 23, 2015
    affected < 1.4.0-22.6fixed 1.4.0-22.6

    oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

  • CVE-2008-1686Apr 8, 2008
    affected < 1.4.2-1.6fixed 1.4.2-1.6

    Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a hea