Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. https://sourceforge.net/p/oggvideotools/bugs/9/
Created oggvideotools tracking bugs for this issue: Affects: fedora-37 [bug 2234729] Affects: fedora-38 [bug 2234730]
I can confirm the issue with the reported sample. I don't see a patch anywhere. Note that there's also https://ubuntu.com/security/CVE-2020-11724, which is about nginx_lua.