CVE-2015-6749 in Ubuntu

CVE-2015-6749

Priority

Description

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools
1.4.0 and earlier allows remote attackers to cause a denial of service
(crash) via a crafted AIFF file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6749
http://www.openwall.com/lists/oss-security/2015/08/29/1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797461
https://trac.xiph.org/ticket/2212

Notes

Package

Source: vorbis-tools (LP Ubuntu Debian)

Upstream:	released (1.4.0-7)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (1.4.0-7ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant (Focal Fossa):	not-affected (1.4.0-7ubuntu1)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-11 01:01:26 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)