vorbis-tools vulnerability

ID USN-611-2
Type ubuntu
Reporter Ubuntu
Modified 2008-05-08T00:00:00


USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for ogg123, part of vorbis-tools.

Original advisory details:

It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.