Vorbis Tools suffers from a division-by-zero bug and integer overflow vulnerabilities.
cb728a9c129d83a52648cfa3d767d20a9d0a57fd06b201dd2c27d486a7b8099b
----------
Background
----------
Vorbis tools is a package containing tools to use, manipulate and create
Vorbis files.
----------------
Software Version
----------------
All tests were performed using vorbis-tools latest svn (Revision: 19440)
-----------
Description
-----------
During a fuzzing session (using afl-fuzzer) two issues were discovered
in oggenc tool of vorbis-tools :
* a division by zero bug
* an integer overflow leading to out-of-bounds memory read
Both issues are triggered by the number of channels in the input WAV file.
More info can be found at :
https://trac.xiph.org/ticket/2137 (division by zero)
https://trac.xiph.org/ticket/2136 (integer overflow)
--------
Timeline
--------
2014-12-29 Issue reported to xiph.org bug tracker
2014-01-18 No response, public disclosure
--
Paris Zoumpouloglou
@pzmini0n
https://projectzero.gr