Date: Thu, 22 Jan 2015 11:50:16 -0500 (EST)
From: cve-assign@...re.org
To: Hanno Böck <hanno@...eck.de>
cc: mprpic@...hat.com, oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE request: two issues in vorbis-tools

On Wed, 21 Jan 2015, Hanno Böck wrote:

> On Wed, 21 Jan 2015 13:50:46 +0100
> Martin Prpic <mprpic@...hat.com> wrote:
>
>> Two issues were reported in vorbis-tools on Full Disclosure:
>>
>> http://seclists.org/fulldisclosure/2015/Jan/78

CVE-2014-9638 - https://trac.xiph.org/ticket/2137 (division by zero)
CVE-2014-9639 - https://trac.xiph.org/ticket/2136 (integer overflow)

(These received IDs from 2014 due to the date of the bug report.)

> In addition to that: I reported this issue
> https://trac.xiph.org/ticket/2009
> a while back which also crashes oggenc.
>
> I didn't think about security implications back then, but it's also an
> out of bounds read issue.
>
> After bugging the devs on irc it got fixed in the code but never saw a
> release.

Use CVE-2014-9640.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]