Bug 2234728 (CVE-2020-21724) - CVE-2020-21724 oggvideotools: buffer overflow vulnerability in ExtractorInformation()
Summary: CVE-2020-21724 oggvideotools: buffer overflow vulnerability in ExtractorInfor...
Status: NEW
Alias: CVE-2020-21724
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2234729 2234730
TreeView+ depends on / blocked
Reported: 2023-08-25 09:37 UTC by Mauro Matteo Cascella
Modified: 2023-08-27 08:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-08-25 09:37:03 UTC
Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.


Comment 1 Mauro Matteo Cascella 2023-08-25 09:37:20 UTC
Created oggvideotools tracking bugs for this issue:

Affects: fedora-37 [bug 2234729]
Affects: fedora-38 [bug 2234730]

Comment 2 Zbigniew Jędrzejewski-Szmek 2023-08-27 08:45:37 UTC
I can confirm the issue with the reported sample.
I don't see a patch anywhere.

Note that there's also https://ubuntu.com/security/CVE-2020-11724,
which is about nginx_lua.

Note You need to log in before you can comment on or make changes to this bug.