VYPR
Vendor: Xiph.Org

Products: 13
CVEs: 50
Across products: 53
Status: Private

Recent CVEs (50)
  • CVE-2017-14632 | Critical | Sep 21, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

  • CVE-2017-14160 | High | Sep 21, 2017
    risk 0.58 | cvss 8.8 | epss 0.05

    The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

  • CVE-2018-10392 | High | Apr 26, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

  • CVE-2026-34253 | High | May 15, 2026
    risk 0.53 | cvss 8.2 | epss 0.01

    A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow…

  • CVE-2018-10393 | High | Apr 26, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

  • CVE-2017-14633 | Medium | Sep 21, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

  • CVE-2017-11548 | Medium | Jul 31, 2017
    risk 0.39 | cvss 5.5 | epss 0.04

    The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.

  • CVE-2017-11333 | Medium | Jul 31, 2017
    risk 0.39 | cvss 5.5 | epss 0.05

    The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

  • CVE-2017-11331 | Medium | Jul 31, 2017
    risk 0.39 | cvss 5.5 | epss 0.04

    The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.

  • CVE-2026-5673 | Medium | Apr 6, 2026
    risk 0.29 | cvss 5.6 | epss 0.00

    A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI…

  • CVE-2004-1561 | Dec 31, 2004
    risk 0.09 | cvss n/a | epss 0.78

    Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.

  • CVE-2018-18820 | Nov 5, 2018
    risk 0.05 | cvss n/a | epss 0.49

    A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote…

  • CVE-2005-0838 | May 2, 2005
    risk 0.04 | cvss n/a | epss 0.09

    Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of…

  • CVE-2002-0177 | Apr 22, 2002
    risk 0.04 | cvss n/a | epss 0.10

    Buffer overflows in icecast 1.3.11 and earlier allow remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.

  • CVE-2001-0784 | Oct 18, 2001
    risk 0.04 | cvss n/a | epss 0.09

    Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

  • CVE-2001-1083 | Jun 26, 2001
    risk 0.04 | cvss n/a | epss 0.10

    Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled, allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

  • CVE-2001-0197 | Mar 26, 2001
    risk 0.04 | cvss n/a | epss 0.13

    Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

  • CVE-2002-1982 | Dec 31, 2002
    risk 0.03 | cvss n/a | epss 0.03

    Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.

  • CVE-2024-56431 | Dec 25, 2024
    risk 0.01 | cvss n/a | epss 0.02

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

  • CVE-2014-9028 | Nov 26, 2014
    risk 0.01 | cvss n/a | epss 0.10

    Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.