本ページは xiph vorbis-tools に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | [email protected] | 7.8 | 0.45% | 2023-10-02 | 2026-06-17 |
| CVE-2017-11331 | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | [email protected] | 5.5 | 3.79% | 2017-07-31 | 2026-06-16 |
| CVE-2015-6749 | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. | [email protected] | 4.3 | 3.79% | 2015-09-21 | 2026-06-16 |
| CVE-2014-9640 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | [email protected] | 5.0 | 3.24% | 2015-01-23 | 2026-06-16 |
| CVE-2014-9639 | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | [email protected] | 5.0 | 3.57% | 2015-01-23 | 2026-06-16 |
| CVE-2014-9638 | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | [email protected] | 5.0 | 3.58% | 2015-01-23 | 2026-06-16 |