FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vorbis-tools, opus-tools -- multiple vulnerabilities

Affected packages
vorbis-tools < 1.4.0_10,3
opus-tools < 0.1.9_2


VuXML ID a35f415d-572a-11e5-b0a4-f8b156b6dcc8
Discovery 2015-08-08
Entry 2015-09-09
Modified 2015-09-09

Paris Zoumpouloglou reports:

I discovered an integer overflow issue in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash.

Paris Zoumpouloglou reports:

A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue.

pengsu reports:

I discovered an buffer overflow issue in oggenc/audio.c when it tries to open invalid aiff file.


CVE Name CVE-2014-9638
CVE Name CVE-2014-9639
CVE Name CVE-2015-6749
FreeBSD PR ports/202941