Vorbis Tools

vorbis-tools

Vendor: Xiph • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-43361 1Xiph 1Vorbis Tools Nov 4, 2025 Oct 2, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
CVE-2017-11331 1Xiph 1Vorbis Tools May 13, 2026 Jul 31, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
CVE-2015-6749 1Xiph 1Vorbis Tools May 6, 2026 Sep 21, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
CVE-2014-9640 2Opensuse Xiph 2Opensuse Vorbis Tools May 6, 2026 Jan 23, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
CVE-2014-9639 3Fedoraproject OpensuseXiph 3Fedora OpensuseVorbis Tools May 6, 2026 Jan 23, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
CVE-2014-9638 3Fedoraproject OpensuseXiph 3Fedora OpensuseVorbis Tools May 6, 2026 Jan 23, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.