A buffer overflow flaw was found in the way the oggenc utility, which is used to encode audio into the Ogg Vorbis format, handled invalid AIFF files. An attacker could provide a specially crafted AIFF file that would crash oggenc when processed.
Upstream bug with a patch:
Additional info in:
Created vorbis-tools tracking bugs for this issue:
Affects: fedora-all [bug 1258444]
Is this a duplicate of bug #1258424?
(In reply to Kamil Dudka from comment #5)
> Is this a duplicate of bug #1258424?
Yes, it is. Sorry about that. I'll close the other one since this one contains more info.
*** Bug 1258424 has been marked as a duplicate of this bug. ***
vorbis-tools-1.4.0-22.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
vorbis-tools-1.4.0-20.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.