Red Hat Bugzilla – Bug 1258424
vorbis-tools: Bufer overflow in aiff_open function
Last modified: 2015-10-22 03:39:43 EDT
A buffer overflow vulnerability was found in oggenc/audio.c in function aiff_open when trying to open invalid aiff file:
if(fread(buffer,1,len,in) < len)
where variable 'len' can be controlled by user via:
if(!find_aiff_chunk(in, "COMM", &len))
Upstream report (containing reproducer):
Created vorbis-tools tracking bugs for this issue:
Affects: fedora-all [bug 1258427]
*** This bug has been marked as a duplicate of bug 1258443 ***
vorbis-tools-1.4.0-22.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
vorbis-tools-1.4.0-20.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.