CVE-2014-9639 in Ubuntu

CVE-2014-9639

Priority

Description

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to
cause a denial of service (crash) via a crafted number of channels in a WAV
file, which triggers an out-of-bounds memory access.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9639

Bugs

https://trac.xiph.org/ticket/2136
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776086

Notes

Package

Source: vorbis-tools (LP Ubuntu Debian)

Upstream:	released (1.4.0-7)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (1.4.0-7ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant (Focal Fossa):	not-affected (1.4.0-7ubuntu1)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-11 00:52:18 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)