914938 – (CVE-2014-9640) VUL-1: CVE-2014-9640: vorbis-tools: segfault when trying to encode trivial raw input

Bug 914938 (CVE-2014-9640) - VUL-1: CVE-2014-9640: vorbis-tools: segfault when trying to encode trivial raw input

Summary: VUL-1: CVE-2014-9640: vorbis-tools: segfault when trying to encode trivial ra...

Status:	RESOLVED FIXED

Alias:	CVE-2014-9640

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/113084/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-01-27 14:30 UTC by Victor Pereira
Modified:	2016-04-27 19:34 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2015-01-27 14:30:00 UTC

rh#1185272

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial
of service (out-of-bounds read) via a crafted raw file.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1185272
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9640
http://www.openwall.com/lists/oss-security/2015/01/21/6
http://seclists.org/oss-sec/2015/q1/220
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9640.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9640
http://www.cvedetails.com/cve/CVE-2014-9640/
https://trac.xiph.org/ticket/2009
https://trac.xiph.org/changeset/19117

Comment 1 Takashi Iwai 2015-01-27 17:18:38 UTC

The bug doesn't seems to be affected to the old versions of vorbis-tools that are shipped in SLE10 and SLE11.  The affected lines are: SLE11, SLE12, oS13.1, os13.2 and FACTORY, all of which ship vorbis-tools-1.4.0.

Comment 3 Bernhard Wiedemann 2015-01-27 18:00:10 UTC

This is an autogenerated message for OBS integration:
This bug (914938) was mentioned in
https://build.opensuse.org/request/show/283040 13.2 / vorbis-tools
https://build.opensuse.org/request/show/283041 13.1 / vorbis-tools

Comment 4 Swamp Workflow Management 2015-01-27 23:00:30 UTC

bugbot adjusting priority

Comment 5 Takashi Iwai 2015-01-28 17:01:10 UTC

The fix has been submitted to all relevant projects.
Reassigned to security-team for the rest works.

Comment 6 Swamp Workflow Management 2015-02-06 17:05:24 UTC

openSUSE-SU-2015:0231-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 914938
CVE References: CVE-2014-9640
Sources used:
openSUSE 13.2 (src):    vorbis-tools-1.4.0-17.4.1
openSUSE 13.1 (src):    vorbis-tools-1.4.0-14.12.1

Comment 7 Swamp Workflow Management 2015-02-24 17:05:15 UTC

SUSE-SU-2015:0367-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 914938
CVE References: CVE-2014-9640
Sources used:
SUSE Linux Enterprise Server 12 (src):    vorbis-tools-1.4.0-19.1
SUSE Linux Enterprise Desktop 12 (src):    vorbis-tools-1.4.0-19.1

Comment 8 Johannes Segitz 2015-03-25 16:02:30 UTC

all updates released