Date: Thu, 22 Jan 2015 11:50:16 -0500 (EST)
To: Hanno Böck <>
Subject: Re: CVE request: two issues in vorbis-tools

On Wed, 21 Jan 2015, Hanno Böck wrote:

> On Wed, 21 Jan 2015 13:50:46 +0100
> Martin Prpic <> wrote:
>> Two issues were reported in vorbis-tools on Full Disclosure:

CVE-2014-9638 - (division by zero)

CVE-2014-9639 - (integer overflow)

(These received IDs from 2014 due to the date of the bug report.)

> In addition to that: I reported this issue
> a while back which also crashes oggenc.
> I didn't think about security implications back then, but it's also an
> out of bounds read issue.
> After bugging the devs on irc it got fixed in the code but never saw a
> release.

Use CVE-2014-9640.


CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]
