Vulnerabilities > CVE-2014-9639 - Local Denial of Service vulnerability in Vorbis Tools
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. <a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 2 | |
OS | 2 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-2335.NASL description - validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-02 plugin id 81586 published 2015-03-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81586 title Fedora 21 : vorbis-tools-1.4.0-19.fc21 (2015-2335) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-2335. # include("compat.inc"); if (description) { script_id(81586); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-9638", "CVE-2014-9639"); script_bugtraq_id(72290, 72295); script_xref(name:"FEDORA", value:"2015-2335"); script_name(english:"Fedora 21 : vorbis-tools-1.4.0-19.fc21 (2015-2335)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184448" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184449" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c06283ea" ); script_set_attribute( attribute:"solution", value:"Update the affected vorbis-tools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vorbis-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"vorbis-tools-1.4.0-19.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vorbis-tools"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2015-2330.NASL description - validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-02 plugin id 81585 published 2015-03-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81585 title Fedora 20 : vorbis-tools-1.4.0-14.fc20 (2015-2330) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-2330. # include("compat.inc"); if (description) { script_id(81585); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-9638", "CVE-2014-9639"); script_bugtraq_id(72290, 72295); script_xref(name:"FEDORA", value:"2015-2330"); script_name(english:"Fedora 20 : vorbis-tools-1.4.0-14.fc20 (2015-2330)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184448" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1184449" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?93d3ac88" ); script_set_attribute( attribute:"solution", value:"Update the affected vorbis-tools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vorbis-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"vorbis-tools-1.4.0-14.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vorbis-tools"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1014-1.NASL description Vorbis tools was updated to fix division by zero and integer overflows by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441), that would allow attackers to crash the vorbis tools processes. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84080 published 2015-06-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84080 title SUSE SLED12 / SLES12 Security Update : vorbis-tools (SUSE-SU-2015:1014-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1775-1.NASL description vorbis-tools was updated to fix several security issues. - A buffer overflow in aiff_open() that could be triggered by opening prepared malicious files (CVE-2015-6749, bsc#943795). - A division by zero and integer overflow by crafted WAV files was fixed (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86464 published 2015-10-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86464 title SUSE SLED11 Security Update : vorbis-tools (SUSE-SU-2015:1775-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-317.NASL description Various issues have been fixed in Debian LTS (squeeze) for package vorbis-tools. CVE-2014-9638 A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue. This issue has been fixed upstream by providing a fix for CVE-2014-9639. Reported upstream by last seen 2020-03-17 modified 2015-09-30 plugin id 86196 published 2015-09-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86196 title Debian DLA-317-1 : vorbis-tools security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A35F415D572A11E5B0A4F8B156B6DCC8.NASL description Paris Zoumpouloglou reports : I discovered an integer overflow issue in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash. Paris Zoumpouloglou reports : A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue. pengsu reports : I discovered an buffer overflow issue in oggenc/audio.c when it tries to open invalid aiff file. last seen 2020-06-01 modified 2020-06-02 plugin id 85893 published 2015-09-10 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85893 title FreeBSD : vorbis-tools, opus-tools -- multiple vulnerabilities (a35f415d-572a-11e5-b0a4-f8b156b6dcc8) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-239.NASL description vorbis-tools was updated to fix division by zero and integer overflow by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). last seen 2020-06-05 modified 2015-03-19 plugin id 81945 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81945 title openSUSE Security Update : vorbis-tools (openSUSE-2015-239) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1010.NASL description vorbis-tools is vulnerable to multiple issues that can result in denial of service. CVE-2014-9638 Divide by zero error in oggenc with a WAV file whose number of channels is set to zero. CVE-2014-9639 Integer overflow in oggenc via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. CVE-2014-9640 Out-of bounds read in oggenc via a crafted raw file. CVE-2015-6749 Buffer overflow in the aiff_open function in oggenc/audio.c via a crafted AIFF file. For Debian 7 last seen 2020-03-17 modified 2017-07-05 plugin id 101209 published 2017-07-05 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/101209 title Debian DLA-1010-1 : vorbis-tools security update
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
- http://seclists.org/fulldisclosure/2015/Jan/78
- http://www.openwall.com/lists/oss-security/2015/01/21/5
- http://www.openwall.com/lists/oss-security/2015/01/22/9
- http://www.securityfocus.com/bid/72295
- https://trac.xiph.org/ticket/2136