Filtered by vendor Xiph
Total: 15 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23904 | 1 Xiph | 1 Speex | 2024-08-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program." | |||||
CVE-2023-43361 | 1 Xiph | 1 Vorbis-tools | 2024-02-28 | N/A | 7.8 HIGH |
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | |||||
CVE-2022-47021 | 2 Fedoraproject, Xiph | 2 Fedora, Opusfile | 2024-02-28 | N/A | 7.8 HIGH |
A null pointer dereference in the functions op_get_data and op_open1 in opusfile.c in Xiph opusfile 0.9 through 0.12 allows attackers to cause a denial of service or other unspecified impacts. | |||||
CVE-2020-23903 | 2 Fedoraproject, Xiph | 2 Fedora, Speex | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A divide-by-zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | |||||
CVE-2018-18820 | 2 Debian, Xiph | 2 Debian Linux, Icecast | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. | |||||
CVE-2017-11331 | 1 Xiph | 1 Vorbis-tools | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | |||||
CVE-2017-11548 | 1 Xiph | 1 Libao | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. | |||||
CVE-2015-6749 | 1 Xiph | 1 Vorbis-tools | 2024-02-28 | 4.3 MEDIUM | N/A |
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. | |||||
CVE-2014-9640 | 2 Opensuse, Xiph | 2 Opensuse, Vorbis-tools | 2024-02-28 | 5.0 MEDIUM | N/A |
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | |||||
CVE-2015-3026 | 3 Debian, Opensuse, Xiph | 3 Debian Linux, Opensuse, Icecast | 2024-02-28 | 5.0 MEDIUM | N/A |
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg". | |||||
CVE-2014-9639 | 3 Fedoraproject, Opensuse, Xiph | 3 Fedora, Opensuse, Vorbis-tools | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | |||||
CVE-2014-9638 | 3 Fedoraproject, Opensuse, Xiph | 3 Fedora, Opensuse, Vorbis-tools | 2024-02-28 | 5.0 MEDIUM | N/A |
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | |||||
CVE-2011-4612 | 1 Xiph | 1 Icecast | 2024-02-28 | 5.0 MEDIUM | N/A |
Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL. | |||||
CVE-2008-1686 | 2 Xine, Xiph | 3 Xine-lib, Libfishsound, Speex | 2024-02-28 | 9.3 HIGH | N/A |
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | |||||
CVE-2007-1344 | 1 Xiph | 1 Icecast Ezstream | 2024-02-28 | 9.3 HIGH | N/A |
Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information. |