4.3

CVE-2015-6749

Exploit
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XiphVorbis-tools Version <= 1.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.79% 0.886
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00013.html
http://seclists.org/oss-sec/2015/q3/455
http://seclists.org/oss-sec/2015/q3/457
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797461
https://bugzilla.redhat.com/show_bug.cgi?id=1258424
https://bugzilla.redhat.com/show_bug.cgi?id=1258443
https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
https://trac.xiph.org/ticket/2212
Exploit