Vorbis Tools
by Xiph.Org
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34253 | Hig | 0.53 | 8.2 | 0.01 | May 15, 2026 | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow… | ||
| CVE-2017-11331 | Med | 0.39 | 5.5 | 0.04 | Jul 31, 2017 | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | ||
| CVE-2015-6749 | 0.00 | — | 0.04 | Sep 21, 2015 | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. | |||
| CVE-2014-9640 | 0.00 | — | 0.03 | Jan 23, 2015 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | |||
| CVE-2014-9639 | 0.00 | — | 0.04 | Jan 23, 2015 | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | |||
| CVE-2014-9638 | 0.00 | — | 0.04 | Jan 23, 2015 | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. |
- risk 0.53cvss 8.2epss 0.01
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow…
- risk 0.39cvss 5.5epss 0.04
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
- CVE-2015-6749Sep 21, 2015risk 0.00cvss —epss 0.04
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
- CVE-2014-9640Jan 23, 2015risk 0.00cvss —epss 0.03
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
- CVE-2014-9639Jan 23, 2015risk 0.00cvss —epss 0.04
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
- CVE-2014-9638Jan 23, 2015risk 0.00cvss —epss 0.04
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.