Bug 943795 (CVE-2015-6749) - VUL-0: CVE-2015-6749: vorbis-tools: buffer overflow in aiff_open()
Summary: VUL-0: CVE-2015-6749: vorbis-tools: buffer overflow in aiff_open()
Status: RESOLVED FIXED
Alias: CVE-2015-6749
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2015-10-21
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/151878/
Whiteboard: CVSSv2:SUSE:CVE-2015-6749:2.1:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-31 12:03 UTC by Sebastian Krahmer
Modified: 2016-03-22 16:17 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-08-31 12:03:20 UTC 
Quoting from oss-sec:

"Name : vorbis-tool
Affected Version: <= Revision 19495
URL : https://wiki.xiph.org/Vorbis-tools

Description :
An issue was found in oggenc/audio.c when it tries to open invalid AIFF file.

274    if(fread(buffer,1,len,in) < len)
The input buffer and length can be controlled by user indirectly via:

260    if(!find_aiff_chunk(in, "COMM", &len))

More info can be found at :
https://trac.xiph.org/ticket/2212

"

CVE-2015-6749



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6749
http://seclists.org/oss-sec/2015/q3/457
Comment 1 Swamp Workflow Management 2015-08-31 22:00:15 UTC 
bugbot adjusting priority
Comment 3 Takashi Iwai 2015-09-04 09:45:25 UTC 
Thanks.  I've been waiting for the upstream action, but so far nothing happened in git tree.
Comment 4 Bernhard Wiedemann 2015-09-24 16:00:37 UTC 
This is an autogenerated message for OBS integration:
This bug (943795) was mentioned in
https://build.opensuse.org/request/show/333488 13.1 / vorbis-tools
https://build.opensuse.org/request/show/333489 13.2 / vorbis-tools
Comment 5 Takashi Iwai 2015-09-24 16:23:04 UTC 
Since there is no activity in the upstream, I added the patch to our packages.
Submitted to openSUSE-FACTORY, openSUSE-13.1 and openSUSE-13.2.
Submitted to SLE10-SP2-Update, SLE11-Update and SLE12-Update.
Comment 6 Takashi Iwai 2015-09-24 16:23:39 UTC 
Reassigned back to security team.
Comment 9 Swamp Workflow Management 2015-10-06 07:11:14 UTC 
openSUSE-SU-2015:1686-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 943795
CVE References: CVE-2015-6749
Sources used:
openSUSE 13.2 (src):    sssd-1.12.2-3.7.1, vorbis-tools-1.4.0-17.11.1
openSUSE 13.1 (src):    vorbis-tools-1.4.0-14.19.1
Comment 10 Swamp Workflow Management 2015-10-07 13:31:52 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-10-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62305
Comment 11 Bernhard Wiedemann 2015-10-15 18:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (943795) was mentioned in
https://build.opensuse.org/request/show/339138 Leap:42.1 / vorbis-tools
Comment 12 Swamp Workflow Management 2015-10-16 08:09:49 UTC 
SUSE-SU-2015:1765-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 943795
CVE References: CVE-2015-6749
Sources used:
SUSE Linux Enterprise Server 12 (src):    vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Desktop 12 (src):    vorbis-tools-1.4.0-26.1
Comment 13 Swamp Workflow Management 2015-10-19 08:10:16 UTC 
SUSE-SU-2015:1775-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 914439,914441,943795
CVE References: CVE-2014-9638,CVE-2014-9639,CVE-2015-6749
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    vorbis-tools-1.1.1-174.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    vorbis-tools-1.1.1-174.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    vorbis-tools-1.1.1-174.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    vorbis-tools-1.1.1-174.1
Comment 14 Marcus Meissner 2016-03-22 16:17:30 UTC 
released