Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2015 13:50:46 +0100
From: Martin Prpic <mprpic@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: two issues in vorbis-tools

Hi,

Two issues were reported in vorbis-tools on Full Disclosure:

http://seclists.org/fulldisclosure/2015/Jan/78

Issues in question:

https://trac.xiph.org/ticket/2137
-- a divide-by-zero issue leading to a crash

https://trac.xiph.org/ticket/2136
-- an integer overflow leading to an out-of-bounds memory read

Thank you!

-- 
Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ