| Package: | vorbis-tools |
| Date: | 2008-05-05 |
| Vulnerable version: | 1.1.1-3 |
| Unaffected version: | 1.1.1-4kalgan1 |
| Bug tracker entry: | http://bugs.frugalware.org/task/3032 |
| CVEs: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686 |
| Description: | A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code. |
