Home / vulnerabilities Vorbis Tools Division-By-Zero / Integer Overflow
Posted on 21 January 2015
Source : packetstormsecurity.org Link
----------
Background
----------
Vorbis tools is a package containing tools to use, manipulate and create
Vorbis files.
----------------
Software Version
----------------
All tests were performed using vorbis-tools latest svn (Revision: 19440)
-----------
Description
-----------
During a fuzzing session (using afl-fuzzer) two issues were discovered
in oggenc tool of vorbis-tools :
* a division by zero bug
* an integer overflow leading to out-of-bounds memory read
Both issues are triggered by the number of channels in the input WAV file.
More info can be found at :
https://trac.xiph.org/ticket/2137 (division by zero)
https://trac.xiph.org/ticket/2136 (integer overflow)
--------
Timeline
--------
2014-12-29 Issue reported to xiph.org bug tracker
2014-01-18 No response, public disclosure
--
Paris Zoumpouloglou
@pzmini0n
https://projectzero.gr
