Date: Wed, 21 Jan 2015 14:01:16 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: two issues in vorbis-tools

On Wed, 21 Jan 2015 13:50:46 +0100
Martin Prpic <mprpic@...hat.com> wrote:

> Two issues were reported in vorbis-tools on Full Disclosure:
>
> http://seclists.org/fulldisclosure/2015/Jan/78

In addition to that: I reported this issue
https://trac.xiph.org/ticket/2009
a while back which also crashes oggenc. I didn't think about security
implications back then, but it's also an out of bounds read issue.
After bugging the devs on irc it got fixed in the code but never saw a
release.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42