SB2015092101 - Multiple vulnerabilities in Xiph.Org vorbis-tools
Published: September 21, 2015 Updated: November 10, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2015-6749)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in aiff_open function in oggenc/audio.c in vorbis-tools. A remote attacker can create a specially crafted AIFF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2017-11331)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools. A remote attacker can create a specially crafted wav file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2014-9640)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in oggenc/oggenc.c in vorbis-tools. A remote attacker can create a specially crafted raw file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Out-of-bounds read (CVE-ID: CVE-2014-9639)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition in oggenc in vorbis-tools. A remote attacker can create a specially crafted WAV file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Division by zero (CVE-ID: CVE-2014-9638)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error in oggenc in vorbis-tools. A remote attacker can pass specially crafted WAV file with the number of channels set to zero to the application, trigger divide-by-zero error and crash the application.
Remediation
Install update from vendor's website.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00013.html
- http://seclists.org/oss-sec/2015/q3/455
- http://seclists.org/oss-sec/2015/q3/457
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797461
- https://bugzilla.redhat.com/show_bug.cgi?id=1258424
- https://bugzilla.redhat.com/show_bug.cgi?id=1258443
- https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
- https://trac.xiph.org/ticket/2212
- http://seclists.org/fulldisclosure/2017/Jul/80
- https://www.exploit-db.com/exploits/42397/
- http://advisories.mageia.org/MGASA-2015-0051.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:037
- http://www.openwall.com/lists/oss-security/2015/01/21/6
- http://www.openwall.com/lists/oss-security/2015/01/22/9
- https://trac.xiph.org/changeset/19117
- https://trac.xiph.org/ticket/2009
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
- http://seclists.org/fulldisclosure/2015/Jan/78
- http://www.openwall.com/lists/oss-security/2015/01/21/5
- http://www.securityfocus.com/bid/72295
- https://trac.xiph.org/ticket/2136
- http://www.securityfocus.com/bid/72290
- https://trac.xiph.org/ticket/2137