INFSA-2024:3095: vorbis-tools security update
Information about definition
Identificator: INFSA-2024:3095
Type: security
Release date: 2024-08-23 18:56:35 UTC
Information about package
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format.
Vulnerabilities description
- CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-43361
|
no information | 7.3 | no information |
Updated packages