AZL-6953 CVE-2014-9639 affecting package vorbis-tools for versions less than 1.4.0-35

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service crash via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access...

AZL-6952 CVE-2014-9638 affecting package vorbis-tools for versions less than 1.4.0-35

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service divide-by-zero error and crash via a WAV file with the number of channels set to zero...