CVE-2014-9639

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Published: Jan 23, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-9639
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xiph / vorbis-tools	1.4.0	1.4.0.x
fedoraproject / fedora	20	20.x
fedoraproject / fedora	21	21.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
http://seclists.org/fulldisclosure/2015/Jan/78
http://www.openwall.com/lists/oss-security/2015/01/21/5
http://www.openwall.com/lists/oss-security/2015/01/22/9
http://www.securityfocus.com/bid/72295
https://trac.xiph.org/ticket/2136

Vulnerability Database

290,273

CVE-2014-9639