CVE-2014-9638,9639 – Vorbis-tools Issues

About the software

Vorbis tools is a package containing tools to use, manipulate and create Vorbis files.

Affected Version(s)

All tests were performed using vorbis-tools latest svn (Revision: 19440)

Description

During a fuzzing session (using afl-fuzzer) two issues were discovered in oggenc tool of vorbis-tools :

  • a division by zero bug
  • an integer overflow leading to out-of-bounds memory read

Both issues are triggered when the number of channels in the input WAV file is set to 0.

More info can be found at :

  • CVE-2014-9638 : Oggenc division by zero issue (link)
  • CVE-2014-9639 : Oggenc channel integer overflow (link)

Timeline

2014-12-29 Issue reported to xiph.org bug tracker
2014-01-18 No response, public disclosure

Credits

Reported by Paris Zoumpouloglou of Project Zero labs (https://projectzero.gr)

Comments are closed.