About the software
Vorbis tools is a package containing tools to use, manipulate and create Vorbis files.
All tests were performed using vorbis-tools latest svn (Revision: 19440)
During a fuzzing session (using afl-fuzzer) two issues were discovered in oggenc tool of vorbis-tools :
- a division by zero bug
- an integer overflow leading to out-of-bounds memory read
Both issues are triggered when the number of channels in the input WAV file is set to 0.
More info can be found at :
- CVE-2014-9638 : Oggenc division by zero issue (link)
- CVE-2014-9639 : Oggenc channel integer overflow (link)
2014-12-29 Issue reported to xiph.org bug tracker
2014-01-18 No response, public disclosure
Reported by Paris Zoumpouloglou of Project Zero labs (https://projectzero.gr)