Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.
Max CVSS: 9.3 | EPSS Score: 10.59% | Published: 2007-03-08 | Updated: 2021-07-12
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Max CVSS: 9.3 | EPSS Score: 6.57% | Published: 2008-04-08 | Updated: 2018-10-11
A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.
Max CVSS: 8.1 | EPSS Score: 41.64% | Published: 2018-11-05 | Updated: 2019-01-23
A null pointer dereference issue in the functions op_get_data and op_open1 in opusfile.c in Xiph opusfile 0.9 through 0.12 allows attackers to cause a denial of service or other unspecified impacts.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2023-01-20 | Updated: 2023-02-10
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2023-10-02 | Updated: 2024-01-27
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2017-07-31 | Updated: 2020-05-28
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
Max CVSS: 5.5 | EPSS Score: 0.17% | Published: 2017-07-31 | Updated: 2020-05-28
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
Max CVSS: 5.5 | EPSS Score: 0.10% | Published: 2021-11-10 | Updated: 2022-04-05
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program."
Max CVSS: 5.5 | EPSS Score: 0.07% | Published: 2021-11-10 | Updated: 2024-03-21
Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.
Max CVSS: 5.0 | EPSS Score: 0.17% | Published: 2012-11-20 | Updated: 2021-09-09
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
Max CVSS: 5.0 | EPSS Score: 3.80% | Published: 2015-01-23 | Updated: 2018-10-30
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Max CVSS: 5.0 | EPSS Score: 3.80% | Published: 2015-01-23 | Updated: 2018-10-30
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
Max CVSS: 5.0 | EPSS Score: 3.27% | Published: 2015-01-23 | Updated: 2018-10-30
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
Max CVSS: 5.0 | EPSS Score: 5.01% | Published: 2015-04-29 | Updated: 2018-10-30
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
Max CVSS: 4.3 | EPSS Score: 2.43% | Published: 2015-09-21 | Updated: 2016-12-08
15 vulnerabilities found