[email protected]CVE-2015-6749

HistorySep 21, 2015 - 7:59 p.m.

CVE-2015-6749

2015-09-2119:59:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-6749

buffer overflow

aiff

vorbis-tools

denial of service

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.0%

JSON

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.

Affected configurations

NVD

Node

xiphvorbis-toolsRange≤1.4.0

CPENameOperatorVersion
xiph:vorbis-toolsxiph vorbis-toolsle1.4.0

CPE	Name	Operator	Version
xiph:vorbis-tools	xiph vorbis-tools	le	1.4.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.html

lists.opensuse.org/opensuse-updates/2015-10/msg00013.html

seclists.org/oss-sec/2015/q3/455

seclists.org/oss-sec/2015/q3/457

bugs.debian.org/cgi-bin/bugreport.cgi?bug=797461

bugzilla.redhat.com/show_bug.cgi?id=1258424

bugzilla.redhat.com/show_bug.cgi?id=1258443

trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch

trac.xiph.org/ticket/2212

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2015-6749

mageia1 cbl_mariner2 nessus11 fedora2 openvas5 debiancve1 archlinux1 ubuntucve1 nvd1 prion1 cvelist1 freebsd1 osv2 debian2 rosalinux1