[FD] libvorbis multiple vulnerabilities

libvorbis multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= The libvorbis package contains a general purpose audio and music encoding format. This is useful for creating (encoding) and playing (decoding) sound in an open (patent free) format. Affected version: ===== 1.3.5 Vulnerability Description: ========================== 1. the vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 can cause a denial of service(OOM) via a crafted wav file. I found this bug when I test Sound eXchange(SoX) 14.4.2 which used the libvorbis library. ./sox libvorbis_1.3.5_OOM.wav out.ogg /var/log/syslog info: Jul 13 19:58:05 ubuntu kernel: [] Out of memory: Kill process 44203 (sox) score 364 or sacrifice child Jul 13 19:58:05 ubuntu kernel: [] Killed process 44203 (sox) total-vm:1831804kB, anon-rss:599932kB, file-rss:40kB

Source: Gmail -> IFTTT-> Blogger

from Blogger http://ift.tt/2tQEIJ5


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s