CVE-2014-9638 in Ubuntu

CVE-2014-9638

Priority

Description

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of
service (divide-by-zero error and crash) via a WAV file with the number of
channels set to zero.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9638

Bugs

https://trac.xiph.org/ticket/2137
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776086

Notes

Package

Source: vorbis-tools (LP Ubuntu Debian)

Upstream:	released (1.4.0-7)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (1.4.0-7ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant (Focal Fossa):	not-affected (1.4.0-7ubuntu1)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-11 00:52:18 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)