vorbis-tools -- Speex header processing vulnerability

2008-04-18T00:00:00
ID 633716FA-1F8F-11DD-B143-0211D880E350
Type freebsd
Reporter FreeBSD
Modified 2008-04-18T00:00:00

Description

Secunia reports:

A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.