vorbis-tools
Page content
- Vulnerable: 1.1.1-3
- Unaffected: 1.1.1-4kalgan1
A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative “modeID” field in the header. Successful exploitation may allow execution of arbitrary code.
- Bug Tracker URL: http://bugs.frugalware.org/task/3032